I want to help you with safeguarding your practice better than Equifax did. You can’t deny that today we are living in an era of unprecedented technological progress. Particularly in the medical world, we find ourselves more empowered day by day with the onslaught of fresh applications and features promising to extend our reach and drive success. There’s a reason, after all, that business leaders like Virgin Group CEO Richard Branson argue that right now is a better time than ever to start a scrappy new company.
But this trend, in which practices become ever more inseparable from the technologies they depend on, is a double-edged sword.
Though tech continues to break down barriers to success in your practice, its forward motion is naturally accompanied by a newfound vulnerability. Each development is accompanied by a weakness to exploit – a back door through which hackers can wreak havoc on practices and patients alike.
This should be obvious to anyone who has even the barest awareness of the news. As the list of Fortune 500 companies that fall victim to cyber-attacks grows, we all need to learn from their mistakes and batten down our digital hatches in anticipation of a potential breach.
2 years ago, the country was shocked to discover that the personal data of more than 146 million people – including driver’s licenses, passport numbers, Social Security numbers and a wide swath of other information – had been exposed in an attack on the credit mega-giant Equifax. Hackers infiltrated their systems through a vulnerability in Apache Struts, a tool used to develop web applications, and proceeded to lift a staggering quantity of customer data. The consequences of this attack are still being unpacked even now, but it’s safe to say that even beyond Equifax’s plummeting stock prices and their trip to PR hell, they’ve put themselves and the people they serve in a horribly uncomfortable position.
And make no mistake, the Equifax attack was far from inevitable. You would think that a company sitting on an international treasure trove packed with data from more than 800 million customers and 88 million businesses worldwide would take pains to be responsible digital stewards. But last September, under intensive government and journalistic scrutiny, company officials confirmed that, basically, this enormous breach had all come downto Equifax’s failure to adequately patch their Apache Struts platform. You see, there was a known, publicly disclosed bug in the Apache Struts system the previous March. Despite the Apache Software Foundation’s subsequent release of a patch eliminating the vulnerability, Equifax didn’t install it in time to prevent issues, giving hackers months to easily exploit their systems and gain a foothold.
While the Equifax attack is certainly one of the most high-profile widespread data breaches in history, it’s definitely not the only one to affect millions of customers. Yahoo admitted in 2016 that a data breach way back in 2013 had exposed around 1 billion of their usernames, e-mail addresses and passcodes. When Verizon acquired the company last year, they admitted that, upon further review, it looked more like 3 billion accounts had been affected. Also in 2013, hackers infiltrated Target’s point-of-sale systems to steal 40 million debit and credit card accounts, thanks to a vulnerability in an HVAC company they’d hired called Fazio Mechanical Services.
Attacks like these – and the millions of similar ones aimed at small, midsize and massive companies every year – are almost always circuitous and confusing to the average business owner, but they’re also preventable. Problem is, especially when it comes to SMBs, most business professionals and their understaffed, underfunded, inexperienced or even nonexistent IT departments aren’t equipped to protect their precious data when the hackers come knocking.
Statistics show that, eventually, hackers are going to come for your practice – it’s all but guaranteed. And if they break through and bring your company to its knees, you probably won’t be the next Equifax or Target all over the news with egg on your face. No, your practice will probably just fold in on itself with nary a whimper, with everything you’ve worked so hard to build quietly buckling before your eyes.
Don’t let it happen. Address cyber-attacks before they become an issue, and get a talented, experienced, around-the-clock team to defend your livelihood. It takes vigilance, research and constant upkeep to keep the wolves at bay. Protect your business or, before you know it, there won’t be anything left to protect at all.