What to do when you’re under cyber attackSeptember 24, 2013
By Chad Fleming, O.D., AOAExcel Business and Career coach
As a partner in a multi-doctor office, it is never fun when one of the doctors is on vacation. It was Sunday evening the week prior to my partner’s vacation. He was on a road trip with his family. You know the joy of the initial weekend travel where all things look positive as there is a whole week ahead of relaxing and enjoying the benefits of hard work. For my partner, the road to their destination made one stop he wishes could have ended a little different.
It seems every road trip features the same discussion: where is the family going to eat? This particular road trip was no different. Eventually the family decided on a restaurant that served traditional Chicago-style pizza. So they all decided this was the place to add to their many memories of a great family vacation.
As we all do, my partner finds the location on his phone’s GPS map and listens to Siri direct him to the place. As they arrived, he went through his mental checklist on where the best place to park for traffic would be, should he drop the kids off at the door or make them walk, and should he be concerned about the surrounding area and the safety of all the family’s stuff in the vehicle.
Once parked, he looked in the rearview mirror to see smiles from ear to ear on all three of his children’s faces. They finally arrived, and it was time to go enjoy that traditional Chicago-style pizza.
As he was turning the SUV off, he had one final, all-important decision to make: should he leave his iPad in the vehicle or take it with him? He decided to take it with him as he had way too much important information to risk losing it from a smash and grab.
The restaurant turned out to be better than they could have expected. The pizza was hot. The toppings were fresh, and it seemed the diet drinks were colder and more refreshing than normal. My partner paid the bill, and the family made their way out of the restaurant and headed back to the vehicle.
During the walk to the vehicle parked about four blocks away, my partner’s mental joy of seeing his family and wife happy turned to panic as he looked at his wife with that look you never want to see on your spouse’s face. They all stopped in their tracks as their fearless leader had the face of serious concern. “What’s wrong?” they all asked. He explained that he had taken his iPad into the restaurant to keep it safe and secure. Unfortunately, he was on the sidewalk about two blocks away and his iPad was still at the restaurant. After pausing for a moment, he turns 180 degrees and takes off in a dead sprint back to the restaurant.
At the restaurant there was no evidence of the iPad, and no employee who could attest to knowing anything about the iPad. My partner requested the manager, and after further discussion and exchanging of information, he left with his head down and his stomach churning with disgust.
Shortly after this, he called me on the phone and asked what we should do as this was also the iPad he used for all patient care at the office. Fortunately I told him we remotely access a terminal server so all data he viewed on the iPad at the office was only a screen and no data was transferred. We also discussed that the “find my iPhone” feature would allow us to disable the device remotely and that we could disconnect all shared files through Dropbox and Evernote. Although still discouraged that his iPad was stolen, he was relieved that he did not have to carry the burden of breached security and patient data exposure.
So who carries the burden and liability of losing an iPad or computer with patient data? Or who is responsible for a cyber attack (someone hacks your office computer)? The unfortunate carrier of liability is YOU.
Many ODs, just like yourself, assume that because patient data is housed on a server or in the Cloud there is no footprint on the computer. This is not necessarily true.
All optometrists who use computers in the practice and off-site for patient care are liable for cyber attacks. The only way to protect yourself against this is to stop using computers and the Internet OR purchase Cyber Liability Insurance.
The views expressed are those of the author and do not necessarily reflect the views of the AOA.