Cyber Attacks And Data Breaches Target Small Healthcare Practices – Is Yours Next?

Sep 10



Carol A. Wilcox

 PREFERRED Therapy Providers, Inc.

You may be putting your business at risk if you think it’s only large healthcare practices and organizations that get hacked. It turns out that most small healthcare practices are such an easy mark for hackers that they are like the low-hanging fruit on the dark web. Not convinced? This 5-provider practice found out the hard way when over 42,000 of their patients’ personal and identifiable data was breached. The data hack included patient social security numbers and health insurance information. Not only was patient information compromised, so was the clinic’s reputation. Could your business survive a data breach?


If you haven’t taken measures to ensure your patient data is secure, now might be a good time to consider taking that initiative off the back burner and placing it on your priority task list. Don’t know where to start? Begin with these 7 steps you can take today to help protect your data:

  1. Know the types of data hackers are interested in finding – Hackers are looking for information commonly stored in electronic health records (EHRs) and computers including patient names and addresses, social security numbers, patient credit card information, patient occupation, billing information and personal health information. This data is sold to the highest bidder on the dark web.
  2. Separate work and personal devices – If you use a computer, tablet or smartphone to keep patient data and/or communicate with patients, keeping these separate from your personal devices helps to keep sensitive patient information secure.
  3. Create strong passwords – Strong passwords help make it difficult for hackers to access your data. Passwords should not be similar to birthdays, addresses, zip codes, or anniversaries. Strong passwords – those longer than 6 characters – can include upper and lower case letters and symbols such as @, % or &.
  4. Install antivirus detection software – Installing antivirus software (also known as anti-malware) can disarm or remove malicious software from your computer, according to this resource. Malware programs can take over your computer or your browser, making your information easily accessible to hackers.
  5. Encrypt your messages – Email encryption disguises the content of an email message to protect sensitive information from being read by the wrong people, according to this resource. When you send an email containing sensitive health information to a patient, a covered entity or a business associate, you should send it by encrypted email.
  6. Avoid suspicious email messages – Also known as “phishing,” these emails are the portal to hacking your data. Suspicious emails may look like they come from a trustworthy source, but if you don’t recognize the “from” email address or the contact’s name, if there are misspellings or incorrect words, and if the message has a link that you’re asked to click, or a request for a phone number or other information, don’t open the email and never click on any links. This resource goes into more detail about how to spot a suspicious email.
  7. Provide staff awareness training – Many security breaches are a result of misinformation and human error. Invest the time to train your staff on how they can help prevent a cyberattack and security breach in your business. Healthcare practices, both large and small, are required by CMS to implement HIPAA-compliant policies and procedures to prevent security breaches and to provide adequate staff training.


The steps outlined in this post are intended to be a starting point. This resource provides information on how to conduct a security risk analysis for your practice. provides resources on the HIPAA Security Rule and its requirements.

The FCC’s Free Small Biz Cyber Planner is a tool developed especially for small businesses for creating a customized cyber security guide.

About the Author:

Carol A. Wilcox is the staff writer and head of marketing communications at PREFERRED Therapy Providers, Inc. You can reach Carol here.

This article is brought to you by PREFERRED Therapy Providers Inc. PREFERRED is the nation’s leading payor management services network. Our expertise is working with physical, occupational and speech therapy practices – from single clinics to multiple clinic locations.