Ransomware attacks continue to target the healthcare sector. Black Talon Security, a leading NY-based national cybersecurity firm, offers 10 tips that all dermatology practices should follow to keep data secure and protect patient records.

Results of a survey conducted by the Department of Health and Human Services at the start of 2021, show that 34% of healthcare organizations were hit by ransomware in the last year. Among those hit by ransomware attacks, about two-thirds (65%) said the cybercriminals succeeded in encrypting their data in the most significant attack. 

“Preventing the theft of data and protecting business continuity must be a primary focus for owners of practices of all sizes; 75% of ransomware attacks in particular result in the theft of most or all of the business data,” says Gary Salman, CEO of Black Talon Security. “The average cyberattack will force a practice to shut down for two weeks, as well as negatively impact its integrity and reputation. This does not even factor in the potential for ransomware attacks which could cost businesses anywhere from $30,000 up to millions of dollars.”

Mr. Salman recently wrote an article for Practical Dermatology® magazine about cybersecurity strategies for dermatology practice.

Black Talon Security’s top 10 best practices to help enhance the security of an organization’s network include:

1.      Enable Multi-Factor Authentication (MFA) or Two Factor Authentication (2FA) for any application or website that supports it. MFA sends a unique code to your phone or activates an authentication APP to validate your login.

2.      Use strong passwords everywhere. Create strong passwords by combining a minimum of 12 characters, numbers and special characters such as @, $, #, & and !.

3.      Never use the same password across multiple websites or applications. Every website and/or application should have a unique password. 

4.      Implement password management tools such as LastPass or Dashlane to manage and create strong/unique passwords. 

5.      Utilizing remote access tools can present tremendous risk to your organization. Make sure you are using the paid business versions of these technologies as well as MFA and strong passwords. 

6.      Train your entire organization to recognize threats such as phishing, spear phishing, social engineering, business email compromise(banking wire fraud) and proper use of removable devices. Test them using a phishing simulator.

7.      Employ a cybersecurity firm to evaluate your firewall(s) and perform real-time vulnerability management to uncover exploitable devices on your network that may expose you to a breach or ransomware attack.

8.      Conduct an annual penetration test performed by a third party ethical hacker to identify risks and how you might be breached.

9.      Perform a security risk assessment to evaluate how and where your practice may be attacked.

10.  Deploy Artificial Intelligence (AI) based threat detection and mitigation technology known as Extended Detection and Response software on all computers and servers.