
Medical Practices Facing Cyber Attacks Of Increased Sophistication

According to a recent report in Medical Economics, cybercriminals are heightening their levels of sophistication to more effectively attack medical practices. They are sending emails to employees of the practice encouraging them to click links that launch installations of ransomware. Another tactic involves accessing networks through medical equipment that connects to the internet with outdated security protection. Social media is a tool used to “trick” staffers into disclosing confidential patient information or financial data.

Medical providers are in a position where they may be exposed to liability when data that they store is unlawfully accessed. They often possess critical patient data including social security numbers, private medical information, and payment information including credit card or bank account numbers.

Criminals Expose Vulnerabilities

Kevin Johnson, the CEO of Secure Ideas, a security company, explains that malware has been shown to be effective in provoking users to click on links that install ransomware. He says that this year’s threats are largely the same as last year’s; therefore, those who have upgraded their security since then should be reasonably secure. The Federal Trade Commission defines malware as any “unwanted software” that may operate on a computer or device without consent from the user. It is often in the form of a virus or spyware.

Small Practices Targeted

Smaller practices are being warned not to assume that they are unlikely to be targeted by a cybercriminal. Johnson explained that the criminals are targeting their attacks on a mass scale. The attacks are heavily automated and require the same amount of effort to target hundreds of people as is needed to target just a few. There are some hackers that do specialize in targeting individual practices.

Understanding Ransomware

Medical practices should implement a broad-based security plan that defends against ransomware. Many victims in the healthcare sector are paying the ransoms, which is further motivating these criminal activities to continue. Sometimes, paying the ransom will not actually eliminate the threat because the code is not well written and will fail to restore the organization’s data.

Phishing Attacks

Cybercriminals are using emails that appear to be sent from legitimate sources, such as an individual the recipient knows. These phishing attacks are effective because they appear realistic. The content of the email will commonly contain the names of other staff who work for the same organization. Although this requires the criminal to conduct some basic research, it may greatly increase the effectiveness of the scheme. Another phishing tactic involves directing an unsuspecting victim to a phony website that imitates a legitimate site they regularly use. The site will be used to gather the victim’s login and password information.

Best Security Practices

  • Your system should be professionally assessed for possible vulnerabilities each year
  • Users should have different passwords for each way they may access the network
  • There is no reason to purchase computers that are more powerful or have significantly more capability than is necessary
  • Try to transition the majority of your data storage to a cloud-based service

About the Author

Briggs Bedigian

H. Briggs Bedigian (“Briggs”) is a founding partner of Gilman & Bedigian, LLC.  Prior to forming Gilman & Bedigian, LLC, Briggs was a partner at Wais, Vogelstein and Bedigian, LLC, where he was the head of the firm’s litigation practice.  Briggs’ legal practice is focused on representing clients involved in medical malpractice and catastrophic personal injury cases. 

