For ASCs, it can be difficult to hire cybersecurity staff and even more challenging to train physicians on cybersecurity threats.
Strict budgets can limit an administrator’s efforts to seek outside help to catch phishing emails before they hit a physician's inbox.
Andrew Mabe, assistant vice president of security at Allscripts, and Daren Smith, director of ASC solutions at Surgical Information Systems, sat on a panel at Becker’s ASC 25th Annual Meeting: The Business and Operations of ASCs, Oct. 18-20 in Chicago, and explained how ASCs can better position themselves against cybersecurity attacks.
When asked about what ASCs are doing to ensure their current staff or new staff members are educated on the safety of the various IT solutions being implemented, Mr. Mabe emphasized compliance training. “One of the trends we are seeing is making compliance training mandatory,” Mr. Mabe said. “Phishing is a big issue that we train physicians and staff to be aware of. We’ve been looking at new ways to prevent physicians from continuing to click on these phishing links and emails.”
Even with proper staff in place to catch phishing emails, many of those emails still reach inboxes. “It is striking that balance between blocking everything coming in and finding the balance between what should and shouldn’t get in,” said Mr. Smith. “It’s a constant challenge. There are so many emails getting blocked. We get 400 challenges per day just to our email system and one of them will sneak through.”
There are other solutions to prevent attacks through phishing links. Mr. Mabe talked about IT solutions that block all emails with links or implementing a three-strike policy.
With constant cybersecurity threats, ASCs are left to utilize training, technical controls and user education.