
your cyber liability coverage to determine if it meets your needs; and stress the importance of cyber risk management for your practice.

These risk management considerations can help you avoid or manage a cyber breach:

Educate staff members. Many cyber breaches occur because of human error. An employee may click on a link in a phishing email because he or she does not know any better. While many employees may be fully aware of online risks, others may not be as educated on the matter. This knowledge gap can leave a practice open to cyber risks from malicious email campaigns and poorly managed passwords.

Train staff members on the measures they can take to prevent data breaches. One campaign could cover how to identify a phishing email and instruct staff never to click on a link sent by an unknown sender or to open an unexpected or unsolicited attachment. Phishing emails are at the root of most breaches and are becoming more difficult to recognize. Educating employees will help you to create a culture of security throughout your organization.

Establish internal cyber security policies. This could include mandating stronger passwords, limiting access to sensitive patient data to relevant staff members, and backing up data. Consult with your IT manager to set workable parameters for your practice.

Increase password security. Possibly the best security measure is to choose a strong password. Strong password policies often require staff members to change their passwords every six months and to use a combination of upper- and lower-case letters, numbers and special characters. Instruct staff not to share passwords and not to have one password used by several employees for one system or account.

Review and audit your cyber security regularly. Regularly conduct an objective evaluation of your cyber security controls and tools with your IT manager. Consider conducting an audit every six months, or at least every year.

Create a breach response plan. If a breach occurs, you want to be prepared. Have a response plan that assigns roles to staff members to help you keep your practice open.

These roles could include a communication leader to manage media inquiries or to alert the media. The person in this role also could communicate to patients, vendors or other clients about the breach. You may also select a documentation leader to document the timeline of the breach response, including the actions taken and when. This can help you when conducting IT forensics or an audit.

Make sure your staff is fully educated about their roles in the event of a breach. These roles could include reaching out to external IT experts for a solution or assigning someone to coordinate with your malpractice carrier regarding your cyber security coverage. Conduct a drill that tests your response plan. Identify and address any gaps in the plan or employee questions.

More information on how to reduce your risk of a cyber breach and associated costs is available through TMLT’s Cyber Consulting Services at consultingwebmail@tmlt.org. TMLT cyber resources also are available at https://hub.tmlt.org/cyber.

30 Dallas Medical Journal November 2018

Reprinted with permission from Texas Medical Liability Trust (TMLT).

John Southrey can be reached at john-southrey@tmlt.org. Wayne Wenske can be reached at wayne-wenske@tmlt.org.