Growing Cyber Threat to Medical Practices

Medical practices are increasingly coming under attack by cyber criminals. This makes it all the more important that physicians take steps to improve their security efforts. Though cyber insurance is one effective way of mitigating risk, there are new tools, processes, and technologies that can proactively protect practices including, but not limited to, the conducting of a vulnerability scan.

A vulnerability scan determines whether a commonly used remote desktop protocol (RDP) port is facing the public internet and therefore potentially exploitable (similar to driving down the street to see which houses have left their front doors open).

Risk Management Lessons from Litigated Cases
Get Medicine on Trial, a free publication of more than 80 litigated cases summarized by CAP's General Counsel Gordon Ownby.

Tokio Marine HCC (TMHCC) is the insurance company that provides cyber risk insurance coverage for all CAP members with the opportunity to purchase a higher limits policy. TMHCC partners with ePlace Solutions to offer CyberNET information as well as free HIPAA training. THMMC has now conducted a vulnerability scan across their book of business, simply with the knowledge of a policyholder’s public domain. This universe included CAP policyholders, but only those policyholders for whom TMHCC had either an email or website address. Currently, these scans have only affected CAP policyholders who have purchased a higher limit Lloyd’s policy renewing first quarter through third quarter of 2021.

This process is not invasive but does rely on the collection of policyholder domains and email addresses.

If an open RDP port is discovered, TMHCC, in partnership with ePlace Solutions, can offer assistance to help implement best practices to protect RDP remote access (like moving the front door to the back of the house and not viewable from the street), thereby significantly reducing the policyholder’s risk of a cyber attack (like ransomware). Alternatively, an IT service provider or network administrator can address these vulnerabilities and potentially advise on what prescriptive measures can be utilized.

In the future, a representative from TMHCC or CAP Physicians Insurance Agency, Inc. (CAP Agency) may contact you if they find vulnerabilities that are increasing your risk of a cyber attack. This is a service that is available at no additional cost to all members who purchase a higher limit policy through CAP Agency.

 If you would like a copy of “Frequently Asked Questions,” or if you would like to apply for a higher limit policy to protect your practice in these uncertain times, please call CAP Agency at 213-619-0081.