Cyberattacks have been at the forefront of healthcare leaders' minds in recent months after the wide-scale Change Healthcare incident.
Spine and orthopedic practices are also staying alert. In the first month of 2024 alone, four groups reported data breach incidents.
Five spine surgeons shared their strategies to prevent data breaches.
Ask Spine Surgeons is a weekly series of questions posed to spine surgeons around the country about clinical, business and policy issues affecting spine care. Becker's invites all spine surgeon and specialist responses.
Next question: How will spine surgeons in 10 years look at the current state of the field?
Please send responses to Carly Behm at cbehm@beckershealthcare.com by 5 p.m. CST Wednesday, April 10.
Editor's note: Responses were lightly edited for clarity and length.
Question: How is your practice safeguarding against cyberattack threats?
Brian Fiani, DO. Mendelson Kornblum Orthopedic & Spine Specialists (West Bloomfield, Mich.): Medical practices can safeguard against cyberattack threats by implementing robust cybersecurity measures, such as encrypting patient data, regularly updating software and systems, training staff on cybersecurity best practices and conducting regular security audits. It's also important to have a response plan in place in case of a cyberattack and to educate patients on how to protect their personal information.
Brian Gantwerker, MD. The Craniospinal Center of Los Angeles: At this point, cyberattacks are now becoming as frequent as traffic jams. Best practices are often dictated by the size and scope of your individual practice. Frequent software updates, physical firewall apparatus, and routine check-ins with your IT is the best way to keep safe. Using end-to-end encryption for emails and also utilizing complex passwords and 2-factor-authentication help slow them down. The most important thing is to not open emails from unfamiliar addresses. This is by far and away the single easiest and most sinister way they get access.
Jeffrey Carlson, MD. Orthopaedic & Spine Center (Newport News, Va.): We take cyber threats very seriously. Obviously with records, health data and radiographs running from completely online servers, blocking the access to that information makes our practice severely limited in function and efficiency. We have used several online cloud storage services that provide firewalls for the servers and redundancy of our information. The greater threat comes from our internal staff computers and potential malware that can be downloaded unintentionally. We have separated our internal systems and servers from our patient care data to minimize the risk. We have a diligent IT team that is acutely aware of the changing dynamics in system exposure risk. I don’t believe there is any way to ensure the data will never be at risk, but we try our best to maximize security and minimize the access points.
Emeka Nwodim, MD. Centers for Advanced Orthopaedics (Bethesda, Md.): Cyberattacks have become a significant threat to the healthcare industry. These threats often pose substantial financial risk to both small and large healthcare institutions. At CAO, there are multiple measures being implemented to try to safeguard our systems, with the understanding that there will always be risk. I believe the primary focus should be educating our members and staff on corporatewide compliance protocols and policies to help avoid scams. Currently at my practice, we safeguard against cyberattacks and scams through corporatewide emails that educate our members on potential phishing scams, as well as routine webinars on protective measures to avoid becoming a victim or enabling a cyberattack.
Christian Zimmerman, MD. St. Alphonsus Medical Group and SAHS Neuroscience Institute (Boise, Idaho): Our parent corporation uses a commercial company for its data encryption and transference. Antiviral, cloud-based accessibility provides basic data privacy controls, user management and some mobile device management features.
Albeit assured in its product usage, the latest data breach experienced by United Health, pharmacy billing and delivery system was both costly and prolonged, there clearly exists potential threats of hacking and destruction with any device use. The extortion to patients and systems by such amoral individuals is beyond explanation nor condonement.