Two-factor authentication is one of many methods used to protect patient information as ransomware attacks become more prevalent among physician practices in addition to hospitals and health systems.
In 2020, healthcare data breaches increased 55.1 percent, with three large orthopedic groups reporting ransomware attacks in the past year.
Ernest Braxton, MD, a neurosurgeon at Vail-Summit Orthopaedics & Neurosurgery in Vail, Colo., told Becker's Spine Review how his practice is protecting itself from cyberattacks.
Note: Responses are lightly edited for style and clarity.
Question: Healthcare saw a surge of high-profile ransomware attacks in 2020. How will orthopedic practices address cybersecurity challenges as virtual care continues to evolve?
Dr. Ernest Braxton: Recent cyberattacks have been disturbing and disruptive to the practice of medicine. Education, vigilance and two-factor authentication have been the focus for our organization. We are taking a proactive approach for ensuring and enforcing cybersecurity for our practice. We are in the process of having our entire organization enrolled in security awareness training, just like military healthcare workers do, with simulated attacks and cyber-strength knowledge assessments. Education and vigilance are strategies and ideologies focused on identifying and alerting our IT department of malicious emails infiltrating our system. By training staff to be proactive, we can reduce the odds of threats accessing our system with ransomware attacks.
Two-factor authentication is another simple and effective way to mitigate unauthorized access to our patient data, images and secure networks. By incorporating a second device in the authentication process, brute force attacks and weak passwords are no longer in play. These criminal hackers have traditionally targeted large hospital systems, but I believe that spine and orthopedic practices may seem like a softer target. Unfortunately, it's a cat and mouse game with extremely high stakes. I think that spine and orthopedic practices will also look to obtaining insurance policy coverage if a successful ransomware attack is perpetrated.