Ensure All Employees Are Up-To-Date On All Security Policies


“Cyber Security Training for Employees” By Tom Murphy with the firm of Danna-Gracey, Inc.


When it comes to preventing a data breach or cyber security issue at a medical practice, employers and employees should attempt to be as knowledgeable as possible about cyber security to avoid making errors. This ultimately means that the practice needs a proven cybersecurity training program in place to make sure all employees are up-to-date on all security policies at all times.


Cybersecurity training for employees of a medical practice is an ongoing process and early detection of a data breach or other cyber event is critical when it comes to preventing a practice from losing thousands of dollars in damages as well as damage to the practice reputation and credibility. Practices should consider doing more to ensure that all employees are consistently updated and informed about potential security vulnerabilities as well as how to recognize and avoid them.The following are some cyber security tips for medical practices:


  • Require Strong Passwords. Secure passwords are typically the first step in safeguarding sensitive dates and patient information. Every employee needs to know how to create strong passwords. This includes using a mix of characters, numbers, letters, and never sharing passwords among employees. Example: Xd76M45Bk?


  • Consistently Evaluate Vulnerabilities. Practice leaders need to understand the vulnerabilities and consistently evaluate the systems and employees on a regular basis to recognize potential weaknesses.


  • Implement Cybersecurity Tests. These tests are sometimes called “live fire” training and they provide the practice or employer the ability to determine just how educated and prepared their employees are when it comes to avoiding one of the many cybersecurity issues. The most popular form of this test is when the employer or contractor simulates phishing scams to see how many employees open attachments.


  • Keep The Lines Of Communication Open. Cybersecurity policies need to be communicated throughout the practice and training should be on a regular basis to keep all employees informed and up-to-date on all of the practice requirements while at the same time understanding the practice response plan in the event of a breach or cyber event.


  • Make Sure Practice leaders Are Involved. All practice leaders and management need to understand the importance of having a strong cybersecurity training program as they are the ones responsible for the budget and making sure that everyone knows of the implications a cyber event can have to a practice.


All medical practices should have a robust cyber liability policy that will protect them from the potentially large costs associated with a cyber event.


Our Strategic Partner this month is Tom Murphy!

Tom Murphy specializes in professional liability, workers’ compensation, Regulatory and Cyber coverage with the firm of Danna-Gracey, Inc in downtown Delray Beach. He is an experienced risk management consultant, providing physicians and various medical entities with risk and claims management techniques for implementation. In addition, Tom performs malpractice claims studies for medical specialty societies and maintains an advisory position for various societies involving malpractice, claims and workers’ comp claims. He is often a guest lecturer for various medical societies and associations.

Tom can be reached at (561) 276-3553 or (800) 966-2120 orMurphy@dannagracey.com