Cyber attacks: Don’t learn the hard way
By Chad Fleming, OD, AOAExcel™ Business & Career Coach
Who carries the burden? Unfortunately, the answer is you.
You know the joy of the start of a vacation, with a whole week ahead of relaxing and enjoying the benefits of hard work. For my practice partner, the road to vacation started with this feeling. But it also included one stop he wishes could have ended differently.
On the road, he and his family decided on a restaurant that served traditional Chicago-style pizza. Turning to technology, he found the location on his phone's GPS and listened to Siri direct him. As they arrived, he went through his mental checklist: where should he park, should he drop the kids off at the door or make them walk, and should he be concerned about the safety of all the family's stuff in the vehicle?
As he was turning the SUV off, he had one final, all-important decision to make: should he leave his iPad in the vehicle or take it with him? He decided to take it with him. There was way too much important information on it to risk a smash-and-grab theft.
The restaurant was great. The pizza was hot. The toppings were fresh, and the diet drinks seemed colder and more refreshing than normal. My partner paid the bill, and the family made their way out of the restaurant.
During the walk, the joy of seeing his family so happy turned to panic. He turned to his wife with that look you never want to see on your spouse's face. "What's wrong?" the family asked. He explained that he had taken his iPad into the restaurant to keep it safe and secure. Unfortunately, he was on the sidewalk two blocks away--and the iPad was still at the restaurant. He turned 180 degrees and sprinted back.
A stomach-churning lesson--and countermeasures
At the restaurant, there was no sign of the iPad. No employee could attest to knowing anything about it. After talking to the manager and exchanging information, he left with his head down and his stomach churning with disgust. Shortly after this, he called me on the phone and asked what we should do, as this was also the iPad he used for all patient care.
Fortunately, I told him, we remotely access a terminal server. This means all data he viewed on the iPad at the office was only a screen; no data was actually transferred. Even better, the "Find My iPhone" feature would allow us to disable the device remotely, and we could disconnect all shared files through Dropbox and Evernote. Although still discouraged that his iPad was stolen, he was relieved that he did not have to carry the burden of breached security and patient data exposure.
So who carries the burden and liability of losing an iPad, computer or other device with patient data? Or who is responsible after a cyber attack?
Unfortunately, the answer is you.
Many ODs assume that because patient data is housed on a server or in the cloud, there is no footprint on the computer. This is not necessarily true. All optometrists who use computers in the practice and off-site for patient care are liable for cyber attacks. In addition, there are rules about how to encrypt the data on these devices.
The only way to protect yourself is to stop using computers and the Internet or purchase cyber liability insurance. Since the former is highly unlikely and not very practical, the latter is your best bet for protection.