Website Attacks: You are at Risk. Learn How to Keep Your Practice Safe


In an article recently published on Medscape, attorney Michael Sacopulos provides some much-needed advice on properly securing your medical website. The article comes on the heels of news from Los Angeles that a hospital paid hackers a $17,000 ransom in bitcoins to regain control of its computer system after a cyber-attack. The attack locked the hospital out of its systems by encrypting files for which only the hackers had the decryption code. The President of the Hollywood Presbyterian Medical Center said that paying the ransom was the quickest and most efficient way of regaining access to the affected system.

Cyber-attacks are hitting individual private practices as well. A surgeon in Texas found out several months after the fact that a disgruntled patient had copied his website almost to the letter but added commentary to the “About Us” tab such as: “…we maximize your pain and suffering”, “not so sudden death”, and “deal with it, Junkie”. The amateur website designer was eventually arrested for felony online impersonation, but the damage had already been done.

Another tactic is for competitors to purchase domain names similar to a medical practice's and use them to route user traffic to their own website and away from the intended practice. This happened to an optometry practice in the Midwest, where a competing optometrist in town managed to route traffic to his own site. These types of medical practice hacking events are on the rise, so it’s important to think about website risk reduction through monitoring, rather than risk elimination.

Few physicians know that websites in the United States must adhere to the Americans with Disabilities Act (ADA). For visually impaired people, the text on a website must be able to convert into audio and, for individuals with a hearing impairment, any audio component of the site must include closed-captioned text. Recently, the department store Target lost a multimillion-dollar class-action suit to the National Federation of the Blind for noncompliance with the ADA. All US federal websites have been compliant with the ADA for over a decade.

Website images are also an area of concern for physicians. A plastic surgeon posted his patients’ Before and After surgery results on his practice website, only to have them stolen by a competing plastic surgeon. Even if you’re not concerned about your images being stolen, make sure you own the legal rights to every image on your website. Some internet image corporations will actively pursue hijackers of copyrighted material. Bottom line: either pay for every picture you use, or ensure it is an original picture you commissioned.

Make sure the proper disclosures are stated on the site. An important item for the “Contact Us” page is a warning that if the website is accessed after hours, and there seems to be a medical emergency, then the person should stop typing and call 911. This seems intuitive, but it should be stated nonetheless. Also, make it clear that any interaction which takes place on a website does not create a patient/physician relationship, and does not make the submitter a member of the medical practice.

Finally, be aware of patient privacy requirements under the HIPAA and HITECH privacy acts and clearly state on your website something like: “This is not a secure or encrypted means of communicating with our practice”. A little prevention can save money and headaches in the long run.

Xcite Health has the only physician practice platform that lets physicians go home on time! Contact us to find out why — and how we can make this commitment to you – that you will go home on time!  Call (800) 924-8344 or email us at to book a demo.
