Updated July 20, 2020
Viruses, malware and hackers pose a threat to patients and physician practices. The AMA has curated resources and has tips for physicians and health care staff to protect patient health records and other data from cyberattacks.
HHS launches new cybersecurity website
The Department of Health and Human Services’ (HHS) Health Sector Cybersecurity Coordination Center (HC3) has recently launched a new website to help physicians and their medical practices be better informed about potential cyber threats.
HHS is working with practitioners, health care organizations and cybersecurity experts to understand the threats facing the health care sector, learn the patterns and trends used by malicious actors, and provide information and approaches on how the medical practices and hospitals can better defend themselves.
This new site lists several resources, including:
- Threat briefs with best practices and information on COVID-19 related cyber threats
- Sector alerts with high-level information to assist non-technical audiences
Guide for working from home during the COVID-19 pandemic
Responding to a spike in cyber threats that exploit telework technologies during the COVID-19 pandemic, the AMA and the American Hospital Association (AHA) teamed up to provide physicians and hospitals with guidance on protecting a remote work environment from cyber criminals.
"Working from home during the COVID-19 pandemic" (PDF) offers actions to strengthen home or hospital-based computers, networks and medical devices from the rise in COVID-19-themed security threats and attacks. The resource includes checklists, sources, tips and advice on strengthening protections to keep pace with deceptive cyberattacks that could disrupt patient care or threaten medical records and other data.
False COVID-19 map circulating on the internet
A malicious website pretending to be the live map for "Coronavirus COVID-19 Global Cases" by Johns Hopkins University is circulating on the internet waiting for unwitting internet users (PDF) to visit the website (corona-virus-map[dot]com).
Visiting the website infects the user with the AZORult trojan, an information stealing program which can exfiltrate a variety of sensitive data. It is likely being spread via infected email attachments, malicious online advertisements and social engineering. Anyone searching the internet for a coronavirus map could unwittingly navigate to this malicious website.
Please make sure to exercise caution when opening emails from outside organizations even if those organizations may seem reputable. Information on how to identify e-mail phishing and ransomware attacks can be found in the Health Industry Cybersecurity Practices (PDF) guidelines provided by the U.S. Department of Health & Human Services.
The John's Hopkins University coronavirus (COVID-19) outbreak map is accessible via the JAMA Network™.
Creating an informative e-mail campaign
In an effort to spread awareness of cybersecurity across your organization, a packet of infographics, images and posters have been developed along with simple instructions to help you create an informative and engaging email campaign. The email campaign instructions and images can be found in the NCSAM Package.
Additionally, health care and security experts have developed a set useful materials to help guard your entire medical practice against cyberattacks. These materials have been designed with small to medium-sized medical practices in mind.
The main document (Health Industry Cybersecurity Practices) explores the five most relevant and current threats to physician offices and recommends 10 cybersecurity practices to help mitigate these threats. Technical volumes 1 and 2 provides the “how” so physicians and office administrators can implement these practices in their small, medium or large health care organizations.
Digital health technology adoption requires medical cybersecurity
According to a first-of-its kind survey, physicians are greatly concerned about the theft of private patient information and loss of access to critical medication lists, diagnoses and lab results.
The research also showed the physician perspective is often missing from many major cybersecurity efforts.
The AMA is well-positioned to better include the physician input in cybersecurity efforts going forward.
Medical cybersecurity issues
The main findings identified three key themes:
1. Cybersecurity Is a patient safety issue
2. Physician practices rely on health IT vendors for network and system security
3. HIPAA compliance Is not enough to protect patient records
Physician cybersecurity resources
The AMA has also developed tips and advice on protecting your computers and network to keep your patient health records and other data safe from cyberattacks.
Download and share with your staff and IT:
- How to improve your cybersecurity practices (PDF)
- Cybersecurity checklist for office computers (PDF)
- Protect your practice and your patients from cybersecurity threats (PDF)
- Infographic: Cybersecurity in health care (PDF)
- Working from home during COVID-19 pandemic (PDF)
The AMA continues its work to improve health care cybersecurity.
- AMA letter to OIG on “Solicitation of new Safe Harbors and Special Fraud Alerts" (PDF)
- AMA letter to Congress on cybersecurity and the use of legacy technologies in health care (PDF)
- AMA letter to FDA on "Developing a Software Precertification Program: A Working Model" (PDF)
- AMA statement to FDA on intersection of big data, privacy and competition (PDF)
Table of Contents
- Cybersecurity overview
- HHS launches new cybersecurity website
- Guide for working from home during the COVID-19 pandemic
- False COVID-19 map circulating on the internet
- Creating an informative e-mail campaign
- Digital health technology adoption requires medical cybersecurity
- Medical cybersecurity issues
- Physician cybersecurity resources
- Cybersecurity improvements