The Intake

Insights for those starting, managing, and growing independent healthcare practices

Physician cybersecurity: 9 tips to protect patient health records from cyberattacks

Healthcare providers can protect patient records and help prevent cyber threats with these actionable tips.

tips for physicians on cyberattacks

At a Glance

  • The ransomware attack on Change Healthcare, described as the “most serious” by the American Hospital Association, showcases the vulnerability of the healthcare industry to cyber threats
  • Cybercriminals can target patient data to extort healthcare providers, which can lead to significant privacy violations, identity theft, and trauma for patients — alongside operational and legal consequences for providers
  • This guide offers 9 essential tips for healthcare providers to protect patient health records, including implementing strong passwords, regularly updating software, encrypting data, educating staff on cybersecurity, securing third-party vendors, and more

On February 21, 2024, a ransomware attack on Change Healthcare, a key player in the United States healthcare system — has impacted healthcare organizations across the US. This incident, labeled the "most serious" of its kind by the American Hospital Association, threatens a vast network managing 1 in 3 patient records and 15 billion healthcare transactions annually.

The impact ripples across the industry — affecting an estimated 800,000 physicians, 117,000 dentists, 60,000 pharmacies, 5,500 hospitals, and nearly all government and commercial players. 

By staying informed about this developing situation, healthcare businesses can take steps to minimize disruptions in patient care, financial losses, and other negative consequences.

What is the Change Healthcare cyberattack?

A ransomware attack by ALPHV/BlackCat compromised Change Healthcare, a subsidiary handling patient records, revenue cycle, and prescriptions for Optum, on February 21st, 2024. United Healthcare Group (UHG), Optum's parent, disconnected Change Healthcare to contain the attack. The impact of this shutdown is believed to be affecting over $100 million in provider reimbursement daily, with possible provider impacts including: 

  • Issues filling prescriptions
  • Unprocessed claims
  • Missing ERA 
  • Delayed provider reimbursement
  • Potential timely filing issues for impacted claims
  • Failed eligibility transactions 

As of March 11, 2024, Change Healthcare continues to experience an interruption in service to some eligibility checks, claim submissions, clearinghouse reports, and electronic remittance (ERA) processing for certain payers.

To stay updated on latest developments, check out our guide "Daily updates: What to know about the Change Healthcare cyberattack."

The recent attack on Change Healthcare highlights the ever-present threat of cyberattacks in the healthcare industry. While ransomware attacks like this one can be devastating, they are just one tactic used by cybercriminals.

Here's a look at some of the most typical cyberattacks targeting healthcare providers.

Most common healthcare provider cyberattacks 

  • Phishing attacks: Deceptive emails that often appear to come from legitimate sources like colleagues, patients, or even healthcare institutions. They may contain urgent requests or enticing offers, tricking recipients into clicking malicious links or downloading attachments that infect devices with malware.
  • Malware: This malicious software can take many forms, including viruses, spyware, and ransomware. Malware can steal sensitive patient data, disrupt operations, and even hold systems hostage for ransom payments.
  • Data breaches: Unauthorized individuals gain access to protected patient information. Data breaches can happen through various means — including hacking into computer systems, exploiting software vulnerabilities, or even physical theft of devices containing sensitive data.

Jesse Salmon, Manager of Information Security at Tebra, reports that, "Patient data is so valuable to cybercriminals because they use it to extort healthcare providers. In this way, HIPAA regulations make it an ideal pressure point, because by threatening to release patient records, providers are forced to pay massive ransoms to avoid costly HIPAA violations, litigation, and reputational damage." 

By threatening to release patient records, providers are forced to pay massive ransoms to avoid costly HIPAA violations, litigation, and reputational damage.
Jesse Salmon, Manager of Information Security at Tebra

A patient data breach can lead to privacy violations, identity theft, and psychological trauma for patients. It can also cripple operations and lead to regulatory fines and lawsuits. Patient data lacks monetary value, but its regulatory liabilities make it leverage for extracting ransoms from providers.

Understanding common cyberattack methods and why patient data is so valuable helps practices to take proactive steps to safeguard both their patient information and healthcare systems. 

What are the biggest cybersecurity threats facing physicians and their patients today?

Salmon notes that, “One of the biggest cybersecurity threats facing physicians today is double extortion ransomware attacks. Modern ransomware groups don't just encrypt data — they also exfiltrate sensitive records to extort even higher payments by threatening to leak the data publicly, violating regulations like HIPAA."

The recent $22 million ransom Change Healthcare reportedly paid to ALPHV/BlackCat exemplifies this nightmare scenario. Despite the massive payment, a BlackCat affiliate claims BlackCat kept the full ransom while still retaining possession of over 4TB of stolen data from Change Healthcare partners like CVS-Caremark, Health Net, and MetLife.

If that is accurate and sensitive data is leaked due to a disgruntled affiliate, this leaves Change Healthcare vulnerable to regulatory penalties, lawsuits, and further disastrous consequences — even after paying a huge ransom.

Key takeaways from the attack

The Change Healthcare cyberattack offers 3 critical takeaways for healthcare providers and physicians: 

1. Recovery from ransomware attacks may take longer than expected. It’s essential to have robust business continuity and disaster recovery plans in place. 

2. Paying the ransom is not a guaranteed solution to the problem, so preventive measures are crucial. 

3. Human error is the primary cause of ransomware attacks, so continuous security awareness training for all staff is vital.

How is data protected in healthcare?

Healthcare organizations use various methods to protect patient data, such as the following:

  • Encryption: Data is scrambled using algorithms to render it unreadable without a decryption key.
  • Access controls: Only authorized personnel can access patient data based on their roles and responsibilities.
  • Firewalls and intrusion detection systems: These tools monitor network traffic to detect and prevent unauthorized access attempts.
  • Health Insurance Portability and Accountability Act (HIPAA compliance): Healthcare organizations must comply with HIPAA which sets national standards for protecting patient data.

Find information about each of these and more in the security measures guidance below.

Get the playbook

What security measures should be taken to protect patients' healthcare data?

Here are 9 essential tips to help physicians and healthcare providers protect patient health records from cyberattacks.

1. Implement strong passwords and Multi-Factor Authentication (MFA) 

Enforce complex password policies for all users and require MFA for sensitive applications. MFA requires a second factor, like a phone code, beyond a password for users to access accounts.

2. Regularly update software and patch vulnerabilities

Outdated software can contain unpatched vulnerabilities that hackers can exploit. Make it a priority to update software and operating systems on all devices used to access patient data promptly. Regularly update all network devices — including routers, switches, and firewalls — with the latest security patches and prioritize areas for improvement.

3. Encrypt data at rest and in transit

Sensitive patient data should be encrypted both when stored on devices (data at rest) and when transmitted over networks (data in transit). Encryption scrambles data and renders it unreadable to unauthorized individuals.

4. Educate staff on cybersecurity

Train staff on cybersecurity best practices, including recognizing phishing attempts, proper data handling procedures, and reporting suspicious activity. Clearly communicate cybersecurity policies and procedures to all employees and encourage them to report any suspicious activity or potential security incidents immediately. Regular training helps staff stay vigilant against evolving cyber threats.

Consider engaging a vendor to provide security awareness training on a recurring basis. These services can provide comprehensive reviews of the latest learnings about different security threats and show your staff how to be present for them.

5. Secure third-party vendors

It’s crucial to have a solid grasp of cybersecurity standards such as HITRUST, SOC I and II, and PCI, among others. "Ensure your vendors that handle either Protected Health Information (PHI), financial transactions, etc. have received certifications for those standards," says Anthony Comfort, VP of Product Management.

Incorporate a thorough security review as a standard part of your vendor selection process. For instance, use industry best practices such as NIST (National Institute of Standards and Technology) to develop a comprehensive questionnaire. This questionnaire helps with insights into how vendors manage sensitive data like PHI, the protective measures they have implemented, and their ongoing monitoring strategies for identifying and mitigating threats. 

By integrating these practices into your vendor evaluation procedures, you can significantly enhance the security posture of your organization and mitigate potential risks associated with third-party partnerships.

6. Minimize data access

Follow the principle of least privilege, granting users access to only the minimum amount of data they need to perform their jobs. This reduces the potential damage if a breach occurs.

For example, more practices are enlisting the use of telemedicine for their practices — which presents unique cybersecurity challenges. These off-the-shelf video apps might mean compromising on encryption and HIPAA compliance. Plus, connecting providers and patients over public networks adds more vulnerable points. Telemedicine requires access to patient data from less controlled environments. 

To tackle these challenges, practices should limit telemedicine use to approved devices — along with performing risk assessments and providing regular security awareness training to staff.

7. Secure your network

Proper security protects a company’s internet network, infrastructure, and data to prevent cyberattacks and data breaches.

Implement a firewall and intrusion detection system (IDS) to monitor network traffic and identify potential attacks. Also enforce strong wireless network security measures, including WPA2 encryption and unique passwords for each access point. Avoid public Wi-Fi for accessing patient data. 

8. Back up your data regularly

Regularly create backups of patient data and store them securely offsite in case of a cyberattack or system failure. Backups allow for data recovery in the event of a breach.

9. Develop a data breach response plan

Have a plan in place for responding to a data breach. This plan should include steps for containing the breach, notifying patients and authorities, and mitigating damage. Regularly test your response plan to ensure its effectiveness.

How can nurses prevent cyberattacks?

Nurses are uniquely positioned to help protect against — and report — cybercrimes because they are one of the largest employed populations in the healthcare industry. They are also on the front line of patient care and healthcare technology use. Nurses play a critical role in preventing cyberattacks by following these steps:

  • Be cautious with emails: Don't click on suspicious links or attachments.
  • Report suspicious activity: Inform IT or security personnel of any unusual requests or security concerns.
  • Follow established protocols: Always adhere to data security policies for handling patient information.
  • Use strong passwords: Create complex passwords and update them regularly.
  • Don't plug personal or unauthorized devices into workstations or work devices. If a device has previously been connected into another one infected with malicious software, then you could inadvertently infect your workstation with the same malware — opening up hackers to your network.
  • Be mindful of physical security: Don't leave patient charts or devices unattended.

Staying informed on cyberattacks 

For ongoing vigilance about new cyber threats and evolving security best practices, subscribe to authoritative threat intelligence feeds and advisories from trusted sources such as:

For continuous monitoring of network traffic and security events, consider using EDR (Endpoint Detection and Response) tools in addition to traditional Anti-virus (AV).

EDR tools: 

  • Offer a more advanced and comprehensive approach to endpoint security than conventional AV software
  • Continuously monitor all activity across an organization's devices in detail, leveraging machine learning and behavioral analytics to detect new and unknown threats 
  • Provides forensic data capture and advanced investigation capabilities to respond to identified threats in real-time. It also integrates with up-to-the-minute threat intelligence feeds to continuously enhance detections

Leading EDR platforms also integrate with up-to-the-minute threat intelligence feeds on emerging attack vectors, malware strains, adversary group tactics, and more to continuously enhance detections.

The importance of cybersecurity awareness and preparedness

It is imperative that all medical practice staff embrace their unique positions on the front lines of defense — by implementing robust security protocols, engaging in continuous education on cyber threats, and adhering to best practices for data protection. By fostering a culture of cybersecurity awareness and preparedness, the healthcare industry can better safeguard against future cyberattacks, ensuring the integrity of patient care and the protection of sensitive health information.

Tebra, the leading practice automation solution, houses all services on a highly secure and controlled platform. Learn how Tebra provides many of the above safeguards, such as encryption and backups, through a free demo.

Subscribe to The Intake:
A weekly check-up for your independent practice

Becky Whittaker, specialist SEO copywriter

Becky Whittaker is a specialist SEO copywriter with over a decade of experience and an interest in healthcare and legal marketing. Becky believes that independent practices are critical because they have more opportunities to deliver better patient care and personalize patients’ experiences. She also has a personal connection to the healthcare industry, as her sister-in-law is a pediatrician.

Get expert tips, guides, and valuable insights for your healthcare practice