Daniels Porco & Lusardi, LLP

5 steps to diagnose medical practice cyberattack risks

Patient safety is, or should be, a top priority in every health care facility in New York and the rest of the country. Safety can be at risk in many different ways, as we pointed out in this blog earlier this year. One major threat that deserves particular attention is that posed by cyber attackers going after network-linked equipment and medical data.

To show just how significant this issue is, consider results of a recent survey by the American Medical Association. The AMA reports 83 percent of 1,300 doctor respondents said their practices have been targets of cyber attacks that threatened electronic data. The danger, of course, is that electronic health records could be altered. If that happens and the record is then shared, information that should aid treatment could be a potential hazard.

Steps to assess risk

Regardless of the size of a practice, the Health Insurance Portability and Accountability Act (HIPAA) requires keeping information confidential. It also imposes obligations for keeping information secure and for how to inform patients when breaches occur. The onus is on the industry to do all it can to eliminate concerns about compliance now and in the future.

HIPAA lists five basic steps to analyze security risks.

1. Identify all elements of your information technology system. This includes inventorying all stationary and portable computerized hardware that collects and stores data within the practice and that can transmit information elsewhere. All administrative processes should be reviewed, too, to make sure they comply with the law.

2. Identify potential vulnerabilities. This amounts to an audit of current security measures looking for weaknesses. You can do this through discussions with appropriate employees. Enlisting help from government agencies, professional associations and legal counsel can help, too.

3. Rank the risks. If you have unencrypted laptops that are used for patient home visits, this might be a critical risk. Rankings of medium, high and critical can be measured by gauging how likely an attack might be and how much damage could result.

4. Address the risk. Some might feel this job is done by having a plan in place, but many experts would agree that you have to go a step further and take action on the plan.

5. Don't stop. Preventive care suggests the value of regular checkups. The same applies to patient information security. One AMA official recommends performing the above steps once every year.
