An Ounce of Prevention: Cyber Security for the Small Medical Practice in Ten Minutes

By Philip A. Smith, MD, FAAFP, 405(d) Task Group Member
January 1, 2020

I know you’re busy. I ran my family practice office for years. So, why should you take ten minutes to read this article? Because I know what you’re thinking. “Cyber Security? I have an IT person for that!” or “I don’t have time!”

Funny. We used to think we didn’t have time to wash our hands. Then came Pasteur and Semmelweis with that whole germ theory and hand hygiene stuff.

Maybe this is our 21st century plague…

Imagine being on the front page of your local paper blaring, “Data Breach Devastates Dr. Smith’s Practice”. What would be the cost... to your reputation, your patients’ trust, your financial viability? There’s never any mention of who manages your computer network. Your name is on the “shingle.”

The Public Health Model for Cyber Security

Cyber security translates well to our medical model. Here’s a quick primer.

  • There are threats to our well-being (like microbes). The most common are:

      1. E-mail phishing attacks
      2. Ransomware attacks
      3. Loss or theft of equipment or data
      4. Insider (accidental or intentional) loss of data
      5. Attacks against connected medical devices that may affect patient safety

  • Vulnerabilities (like a weak immune system) make us more susceptible to these threats

  • Our practices (like good handwashing, sanitation, and immunizations) create defenses

Cyber security is like public health – while technology plays a role, knowledge and behavior are determinants. It is really about building a culture of awareness, prevention, and responsiveness.

Practice Owners are the Key to Prevention

It takes everyone in a practice working together to ward off the "bad actors". Practice Owners set the stage for effectiveness. When you become the champion, everyone else will come along. You don't have to spend a fortune to get there.

You now have the FREE resources necessary to get started: "Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients". It's available to you at: https://405d.hha.gov

After you make a quick read through the first ten pages, you will see that there are cost-effective practices that you and your staff can implement in any size practice. You won't get it done in a day, but why not get started?

Start with raising awareness. Every member of your team plays a part in reducing your practice's risk. Remember the teachings of Benjamin Franklin, "An ounce of prevention is worth a pound of cure." The threats are real. The "bad actors" come from every corner of the world.

This is just another way we work together to protect the health of our nation - as you protect the health of your practice. Get started. There's no better time than today.