This past February, a major cyberattack disrupted hundreds of thousands of pharmacies and healthcare providers connected to Change Healthcare, part of UnitedHealth Group. The breach caused havoc on processing payments, authorizations, prescription refills, and other operations for weeks, and some services are still being restored.
According to the Money Watch story on CBS News, “UnitedHealth data breach caused by lack of multifactor authentication, CEO says, “Hackers breached the computer system of a UnitedHealth Group subsidiary and released ransomware after stealing someone’s password. The cybercriminals entered through a portal that didn’t have multifactor authentication (MFA) enabled.”
And per the article, “Change Healthcare Cyberattack Is Still Disrupting Pharmacies, Other Providers,” in Insurance Journal: “The plan’s ability to send payments to providers or members being reimbursed for care has also been crippled, delaying payments in the tens of millions of dollars,” the executive said.
Because Change Healthcare handles all the payments, even claims that had been processed before the Change outage or that it received via other networks can’t be paid. The plan is considering whether to begin the difficult process of sending payments manually.
I didn’t see a lot of media coverage about this cyberattack when it first happened. But now, as UnitedHealth Group must inform customers that their data was breached, you are starting to see more and more news stories relative to this issue.
For example, the HealthcareDive article, “Change Healthcare starts sending data breach notifications after cyberattack,” indicated that: “Change Healthcare has started sending out data breach notifications after a cyberattack against the payments processor earlier this year compromised information like Social Security numbers and medical diagnoses for a potentially massive swath of Americans. Exposed data could include contact information, health insurance details, medical information like diagnoses and test results, billing and payment information, and personal details like Social Security numbers or ID numbers, according to Change’s notice.”
DID THIS CYBERATTACK AFFECT YOU?
It definitely caused stress in our office as we dealt with downed insurance systems, long holds via phone for customer service, and the negative effects of the whole situation.
However, this cyberattack serves as a good wake-up call.
With our busy schedules, we often rely too much on the status quo and use the same apps, software, and security systems as our associates. Just sign the contract, and they’ll take care of everything. This is definitely easy, but with cyber hacking on the rise, it’s time to take more control of our data.
There isn’t much we can do when big companies like UnitedHealth get hacked, but there are steps we can take to protect our data as much as possible.
TIPS TO PROTECT YOUR PRACTICE FROM CYBERATTACKS
1. Take Control.
Instead of relying on referrals or automatically going with the most popular security service, take control of your information. Know what data must be protected and what is necessary to do so.
Talk to the experts at the security system solutions you are thinking about using and ask them how they protect your data, how often it is backed up, and the steps they take to counter ongoing cyberattacks.
If you don’t understand their responses, ask for clarification.
2. Create an Office Security Policy.
Hiring a security solution is important, but your data protection doesn’t stop there. It’s essential to develop internal policies on how data is used, stored, and protected.
Create a document that indicates how to protect passwords, what can and cannot be sent over email or the Internet, and how to consistently protect patient privacy and your intellectual property.
Also include information on what to do if there is a physical attack in the office so that your team members know how to respond. This “office security protocol” should be reviewed and updated regularly.
3. Train Your Team.
The massive cyberattack at UnitedHealth Group started with a leaked password. This just shows how important it is to think about the “little” things.
Once you develop your security policy, regularly share it and updates related to security and privacy with your team members. Inform them not to open emails or attachments, or click on links within an email if they do not know the sender.
Plus, it’s essential to use full encryption software to protect sensitive data, keep all of your software updated accordingly, and create regular backups so that you can access your data at any time if there is a breach. More important, ensure that your team members know how to use all of your software and systems correctly.
TAKE CHARGE OF YOUR DATA
While providing excellent care is a top goal in the medical profession, it’s also important to give data encryption and security a high priority. After all, if your data is breached, you risk losing your practice, reputation, and all of the years of hard work you sacrificed to get where you are today.
It doesn’t need to be difficult. Just set aside time to learn what your practice needs to be as secure as possible, implement those processes, and educate your team members about current policies and procedures on a regular basis.
This way, you can relax a little bit knowing that you have done everything possible to prepare for the next security threat and protect what matters most to your practice’s survival.
ABOUT THE AUTHOR
Dr. James Babiuk, also known as TheWisdomToothDoc, is the founder of The Centre for Oral Surgery in Joliet, Illinois, https://wisdomteethjoliet.com, an international speaker and the author of “What Every Parent of an Adolescent Needs to Know About Opioids.” A graduate of Northwestern University, Dr. Babiuk taught oral surgery and outpatient anesthesia to residents in training at Cook County/Stroger Hospital in Chicago and has been in practice for over 25 years with 29-plus years of anesthesia experience and well over 234,737 teeth extractions. He is known for holistic oral surgery, focusing on all aspects of the patient and going above and beyond to exceed their unique needs.
FEATURED IMAGE CREDIT: TippaPatt/Shutterstock.com.