5 Cyber Threats for Therapy Practices

By: Tom Hill

The rise of telehealth technology has opened up a world of possibilities for therapy practices. However, while offering remote therapy appointments has plenty of benefits, it’s also important to remember that there will always be certain threats where new tech is introduced.

The number of cyber attacks against healthcare facilities has been steadily increasing in recent years. As such, practices must both be aware of the cyber threats they face and take steps to protect themselves.

In this article, we’ll look at five of the most common cyber threats to therapy practices and a few steps you can take today to avert them.

Ransomware

Ransomware attacks are a massive threat to the healthcare community and must be taken seriously. Studies have shown that around 66% of healthcare organizations in the U.S. were subject to ransomware attacks in 2021, which is a marked increase from previous years.

Ransomware is malware that prevents the user from accessing their systems until a ransom is paid. This means that practices wouldn’t be able to retrieve any personal information on their patients until the malware has been removed. There have been instances of criminals demanding upwards of one million dollars to decrypt the affected data.

Phishing

Criminals use phishing scams, also known as Business Email Compromise (BEC), as a way to get their hands on sensitive data.

They do this by tricking users into clicking a fraudulent link that takes them to a fake login page. Once the user has entered their login details, the criminal can use that information to access the organization’s real systems. From there, the criminal can reach the organization’s financial and patient data, which they can then sell or use to commit identity theft.

Vulnerable Infrastructure

The majority of cyber threats target individual users. They rely on individuals making errors, such as downloading malware, that give criminals the access they need. But that’s not always the case. Criminals may also look for “open windows” within the organization’s technological infrastructure.

It’s much easier for criminals to access out-of-date software, especially if the software is known to have a security vulnerability. The developers of software systems are always updating their programs to plug gaps and increase security, but in many cases, these updates don’t occur automatically — the user has to actively hit the ‘update’ button. If they don’t, their system’s security will be compromised until the update is processed. It’s the digital equivalent of leaving your front door unlocked; doing so doesn’t necessarily mean that you’ll be burgled, but it makes it easier for criminals to gain access.

Stolen/Lost Equipment

Not all cyber attacks occur via remote access. Some happen due to direct access to devices that contain sensitive data, and the consequences can be significant. The theft of a work-related laptop, for instance, doesn’t just result in the loss of the value of the machine, but also all of the information held on the laptop.

It’s easy to see how a device could be lost or stolen in a world where remote work is more common than ever before. A therapist who temporarily leaves their laptop on a public table while they go to the bathroom may return to find that their computer — plus all of the patient information held on the device — is gone.

Intentional or Accidental Insider Threats

While your staff often doesn’t mean to cause harm, humans are fallible and accidents happen. Individuals may access emails without checking their origin, use work-related devices with their coworker’s logins, or be involved in any number of other instances that can affect the security of your system.

Unfortunately, while many of these scenarios are accidental, there are occasions when staff maliciously violate their practice’s system to steal patient information or financial data which they then sell to criminals.

What Happens Following a Cyber Threat?

Now that we’ve gone through how cyber criminals may target an organization, let’s consider what could happen if they’re successful.

The most obvious consequence of a cyber attack is loss of revenue. Cybercriminals don’t engage in their illicit activities for fun — they do so because of the financial incentive.

Once an attack is launched, healthcare organizations must investigate the breach as soon as they find out, potentially pause their operations due to loss of system access, replace compromised systems/machines, and pay any demanded ransom fee. None of those ventures will be cheap. In fact, they can greatly impact your practice’s bottom line. Indeed, the costs can be so significant that some organizations end up having to close their doors for good.

What Can a Therapy Practice Do to Protect Itself?

You can’t prevent a criminal from trying to cause you harm, but you can significantly reduce their chances of succeeding.

Educate Staff

Cybercriminals rely on human error for many of their activities, especially when conducting phishing scams. Train your staff to be on the lookout for suspicious emails, phone calls, and texts. If there are any doubts about the legitimacy of those messages, encourage your team to refer the communication to management.

Use Encryption

A well-encrypted network is much more difficult to breach than a poorly encrypted network. Make sure your systems use the latest technology and keep your software up-to-date.

Work With Experts

Cybercriminals are professional, so your defense should be, too. It’s better to hire a professional cyber security team rather than trying to combat the threat yourself.

Get Cyber Liability Insurance

Even if you take all the recommended steps, it’s still possible that you’ll experience a breach. Cyber liability insurance can ensure that you have an extra layer of protection in the event of a successful cyber attack.

Final Thoughts

Modern technology allows therapy practices to offer next-level standards of service to their patients, but it does come with risks. Take precautions, be aware of the cyber threats that may be used against your practice, and train your staff to recognize them when they arise. Additionally, consider investing in cyber liability insurance as additional protection to ensure that any such attack won’t significantly impact your business’s finances or daily functions.

About the Author

Tom Hill, Insurance Agent for the John Hill Insurance Agency

As a commercial insurance producer for the John Hill Insurance Agency, I work with our clients and business partners to ensure they are appropriately protected. I’m the third generation of commercial insurance producers from our family-owned agency, letting me draw on a lot of experience beyond my own. And with new markets constantly emerging, there’s always something new to explore for your business.
