

Simple Steps to Enhance Cybersecurity

From U.S. elections to national healthcare providers and payers, the news is filled with examples of massive organizations with massive IT departments that still got hacked. So how do much smaller healthcare companies and medical practices avoid the same fate?

Scott Augenbaum, who recently retired after 29 years with the Federal Bureau of Investigation, said there are any number of best practices ... most of which cost little or nothing ... that healthcare practices should put in place to maximize protection.

"I've dealt with thousands of cybercrimes in my career," noted Augenbaum, who spent the last 14 years working exclusively in this arena. "When a large healthcare organization has an issue, they are able to throw a lot of money at the problem ... but not the smaller companies, and when the smaller companies have a breach, it can be devastating."

First, the Bad News

He added that most healthcare practices that fall victim to cybercrime have five points in common:

  • They believe they are too small to attract the attention of cyberthieves. Augenbaum noted, "Nobody ever expects to be a victim." He added that many healthcare providers believe larger health systems or insurers are at greater risk than a small practice or payer ... but security is often easier to breach at smaller organizations.
  • They don't think they have anything of value to hackers. "I don't hear this as much in the practices but do from insurers and consultants. Even without patient records, they have financial records and emails," he noted.
  • A mistaken belief that law enforcement can fix it. "When the bad guys steal your stuff and you call law enforcement, law enforcement doesn't get your stuff back," he said of the impossibility of recovering data once it has been stolen.
  • "The chances of us putting the bad guys in jail are tougher than getting your stuff back," he said, adding that most bad actors are overseas.
  • While points one through four are depressing, Augenbaum said the last common trait is the hardest for him. "Why does it make me depressed? Because 90-95 percent of what I have dealt with could have been prevented without spending money on technical solutions."

Some (Slightly) Better News

While companies buy a lot of tech products that are supposed to keep them safe, there is no real silver bullet, cautioned Augenbaum. "People are now HIPAA compliant, HITRUST compliant, PCI compliant ... but being compliant is completely different than being secure."


He continued, "Most organizations are not doing the basic things ... they're not doing the fundamentals. All the bad guys need to do today is steal your password - that's it. It really comes down to securing that password."

The ways to steal passwords vary and are becoming more sophisticated. A common lure: a practice administrator receives an email that appears to come from someone they know and trust, with a document, usually a PDF, to be accessed. To view it, the recipient must log in with their Microsoft 365 credentials. "They enter it and nothing happens," said Augenbaum. Instead, a pop-up appears saying that didn't work so please enter Gmail credentials to access. "Now a bad guy sitting in Africa has both your Microsoft 365 and your Gmail credentials."

Since most people use the same password, or a slight variation of it, for everything, having that one credential realistically opens the entire organization to the hackers. But ... here's the good news ... it's relatively easy to avoid catastrophe.

First, said Augenbaum, "You need to be your own human firewall. Think before you click." Second, he continued, "Have separate passwords for mission critical platforms - anything bad guys can use to weaponize against you." Create a strong password (see below), use two-factor authentication, and back up the most important information you have so that if ransomware is deployed, you have a copy of your critical information. Those five steps, he continued, cost almost nothing but go a long way in protecting a medical practice or healthcare company.
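To make the point concrete, here is an added Python example (not from the article, and not Augenbaum's) of what the second factor buys you in the phishing scenario above: a server-side login that checks a salted password hash and an RFC 6238 time-based one-time code, then replays the stolen password the way the attacker would. The user record, the timestamps and the use of the RFC's published test key as the TOTP seed are all constructed for the example.

```python
import hashlib
import hmac
import secrets
import struct
import time

PBKDF2_ROUNDS = 200_000


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter taken from Unix time in 30-second steps."""
    if at is None:
        at = time.time()
    return hotp(secret, int(at) // step, digits)


def verify_totp(secret, code, at=None, step=30, digits=6, window=1):
    """Accept the current step and `window` steps either side (clock drift), comparing in constant time."""
    if at is None:
        at = time.time()
    counter = int(at) // step
    matched = False
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta, digits), code):
            matched = True
    return matched


def make_user(password, totp_secret=None):
    """Constructed user record: salted PBKDF2 password hash plus the TOTP seed shared with the
    user's authenticator app (assumption: a real system enrolls the seed by QR code and stores it encrypted)."""
    salt = secrets.token_bytes(16)
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "totp_secret": totp_secret or secrets.token_bytes(20),
    }


def login(user, password, code, at=None):
    """Two-factor login: the password must verify AND the code must be fresh for this user's seed."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
    if not hmac.compare_digest(candidate, user["pw_hash"]):
        return False
    return verify_totp(user["totp_secret"], code, at)


def phished_password_demo():
    """The article's scenario: a fake document-sharing page harvested the real password.
    Returns (legitimate login, attacker replaying the password an hour later with the code
    captured at the time of the phish, attacker with the password and no code)."""
    seed = b"12345678901234567890"           # RFC 6238 test key, fixed so the run is repeatable
    user = make_user("Tci1@Tssmib!", seed)   # the article's example password
    t0 = 1_700_000_000                       # constructed timestamp; avoids the wall clock
    code_at_phish = totp(seed, t0)
    legit = login(user, "Tci1@Tssmib!", code_at_phish, at=t0)
    replay = login(user, "Tci1@Tssmib!", code_at_phish, at=t0 + 3600)
    no_code = login(user, "Tci1@Tssmib!", "", at=t0 + 3600)
    return legit, replay, no_code


if __name__ == "__main__":
    print("legitimate, replayed-code, no-code:", phished_password_demo())
```

Running it shows the legitimate login succeeding and the same stolen password failing an hour later, both with the code captured during the phish and with no code at all. One caveat a practitioner should keep in mind: a code is only fresh for about 30 seconds, so a phishing kit that relays the victim's password and code to the real site in real time still gets in. Phishing-resistant factors such as FIDO2 security keys, which bind the login to the real site's origin, close that gap.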

Password Protected

So what does a strong password look like? Augenbaum said, for starters, it isn't a common word. "A good password is 12 characters, upper/lowercase, has a special symbol and number with no dictionary words," he explained.

To come up with a strong, seemingly random password, think in terms of passphrases: a sentence you can remember, reduced to a password, plus a hint that can be written down without revealing the password to whoever happens to see it.

For example, your hint might be 'my child's latest accolade.' The actual phrase from which the password is derived is: 'Tommy came in first at the state swim meet in backstroke.' And, the actual password is: Tci1@Tssmib!

Another option is to pick a special number and character that you use at the beginning and end of most passwords and just change the center part. Perhaps you always use the number four and the # symbol. Your hint is how you feel about your patients. Your actual pass phrase is 'We love helping our patients feel great,' and your password is #4wLhopfG4#.

The idea, he continued, is to create hints and phrases that mean something to you but would be difficult for anyone else to decipher. Taking a few simple, inexpensive steps, Augenbaum concluded, can save a lot of time, effort, heartache and money by making it much harder for cyberthieves.
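As an added example (not from the article or from Augenbaum), here is a small Python check that applies the rule stated above, 12 or more characters, upper and lower case, a digit, a symbol and no dictionary words, and runs it over the two passwords shown. The word list is a constructed stand-in for a real dictionary, and the leetspeak normalization (@ for a, 0 for o, and so on) is an assumption about how attackers' wordlists are expanded:

```python
# Constructed stand-in for a real dictionary (a production check would load a full
# wordlist such as /usr/share/dict/words or a breached-password list).
COMMON_WORDS = {
    "password", "welcome", "summer", "tommy", "patients", "nashville",
    "love", "state", "swim", "great", "helping", "backstroke",
}

MIN_LENGTH = 12
SPECIALS = set("!@#$%^&*()-_=+[]{};:'\",.<>/?`~|\\")

# Assumed substitution map: attackers' cracking rules undo these before comparing
# against a dictionary, so the check undoes them too ("P@ssw0rd" still contains "password").
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "4": "a", "$": "s", "5": "s"})


def find_dictionary_words(password, words=COMMON_WORDS, min_len=4):
    """Return dictionary words of at least min_len found inside the password,
    comparing case-insensitively and after undoing common leet substitutions."""
    normalized = password.lower().translate(LEET)
    return sorted(w for w in words if len(w) >= min_len and w in normalized)


def check_password(password):
    """Apply the article's rule and return a list of failure reasons (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in SPECIALS for c in password):
        problems.append("no special symbol")
    found = find_dictionary_words(password)
    if found:
        problems.append("contains dictionary word(s): " + ", ".join(found))
    return problems


if __name__ == "__main__":
    for pw in ("Tci1@Tssmib!", "#4wLhopfG4#", "P@ssw0rd2024!"):
        result = check_password(pw)
        print(f"{pw!r}: {'OK' if not result else '; '.join(result)}")
```

Running it shows that Tci1@Tssmib! passes, while #4wLhopfG4# is one character short of the twelve the article sets as the minimum. The second scheme has a further weakness worth noting: the fixed "#4 ... 4#" bookends are shared across every password built this way, so only the middle section actually differs between accounts, and an attacker who has captured one of them learns the pattern.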

More Simple Steps to Improve Security

With March Madness in the air, retired FBI agent Scott Augenbaum shared his own 'Sweet 16' when it comes to a winning cybersecurity strategy.

  1. Think before you click on a link or open an attachment, become a human firewall and question every email.
  2. Intrusion Detection Systems are a must but they will not stop everything as virus writers write in excess of 50,000 new viruses a day.
  3. Separate passwords for mission critical accounts.
  4. Strong passwords need to be longer than twelve characters in length with capital and lower case letters, numbers and a special symbol and NO dictionary words. Think passphrase instead of password.
  5. Updated operating systems are a must, as Microsoft doesn't support XP anymore.
  6. Patch your system, Microsoft updates, Java and Adobe.
  7. Multifactor authentication is a must on Facebook, LinkedIn, Outlook 365, Gmail, LogMeIn, VPNs and financial accounts when offered.
  8. Consider a separate computer for critical business functions. If you can access your client records on a computer that is used for Facebook and personal web surfing you are putting yourself at risk. If you are gaining remote access to your company and you are using a home computer that you share with your kids, you are putting your organization at great risk.
  9. Do not surf the Internet as the Administrator on a computer. If you purchase a computer and you are the only user, chances are you are the administrator. Go to the control panel and create a new profile and give it administrator access and change your profile to regular user.
  10. Back up your mission critical files on a daily basis. There have been numerous cases of ransomware that turns a company's critical data into useless information unless you send $500 in bitcoin to a bad guy in Eastern Europe.
  11. Have a plan for your organization.
  12. Practice smart online banking.
  13. Don't store your password in the browser; it's the same as leaving your keys in the car for ease and convenience.
  14. If you can access your information in the cloud and all you have is a password, be prepared for the info to be stolen. Use multifactor.
  15. Once the bad guys get your stuff ... it's usually too late.
  16. You need to have a strong password for your smart phone and if you are using an Android, consider an intrusion security suite.

Learn More at AAHAM

Scott Augenbaum is one of the expert speakers slated for the upcoming American Association of Healthcare Administrative Management one-day educational meeting in Nashville.

The Music City AAHAM 2018 Conference is set for April 18 at the Envision Conference Center in Brentwood. For more information, go online to and click on the Events section.






Cybersecurity, Data Breach, Healthcare Hacks, Password, PHI, Protected Health Information, Scott Augenbaum