Four physician-owned spine practices reported cyberattacks this year as the number of healthcare data breaches continues to rise because of the increased threat posed by the Russian government, according to the American Hospital Association.
Christiana Spine Center in Newark, Del., was the latest spine practice to report a ransomware attack, with Jacksonville, Fla.-based Jax Spine and Pain Centers, Oradell-based New Jersey Brain and Spine and Boca Raton-based IRise Florida Spine and Joint Institute experiencing similar threats earlier this year.
Hackers have traditionally targeted large hospitals and health systems but may see smaller physician practices with less resources as softer targets, according to Ernest Braxton, MD, a neurosurgeon at Vail-Summit Orthopaedics & Neurosurgery in Vail, Colo.
Dr. Braxton described healthcare cyberattacks as "a cat-and-mouse game with extremely high stakes," and shared what security methods his practice is implementing to protect patient information, including names, addresses, Social Security numbers and financial and health information.
"We are in the process of having our entire organization enrolled in security awareness training, just like military healthcare workers do, with simulated attacks and cyber-strength knowledge assessments," Dr. Braxton said. "Education and vigilance are strategies and ideologies focused on identifying and alerting our IT department of malicious emails infiltrating our system. By training staff to be proactive, we can reduce the odds of threats accessing our system with ransomware attacks."
Other defense measures physician groups should consider include implementing two-factor authentication to access networks, staff training on the increased risk of receiving malware-laden phishing emails and checking the redundancy, resiliency and security of networks and data backups.