From the WELL Cybersecurity Division

The healthcare industry is under attack by cybercriminals seeking PHI and financial gain by holding critical systems hostage.
  • You are all aware of the threat.
  • You’ve read about successful attacks in the news.
  • You may even know the stats. If not, go back to the Secure Solution Now home page : )
Unfortunately, the threat is real.

I find it interesting that despite all the information available, many doctors and clinic administrators do not understand the impact of not protecting their environments.  As I speak with colleagues that work directly with clinics, they express their concern about the misconceptions many doctors have around cybersecurity.

This article will address some of the more common questions and arguments from doctors and clinic administrators.

Myth 1- “I have a small clinic, surely we aren’t a target?”

The reality is that small “businesses” account for over 60% of cyber attacks.  In addition, attackers know that the medical industry as a whole falls behind most other industries when it comes to cybersecurity.  When combined with the fact that PHI is very valuable on the dark web and the criticality of health care systems, it is clear that small clinics are a prime target.

Myth 2 – “My data is in the cloud and protected by the EMR provider”

While EMR providers protect the data within the EMR system, it is the clinic’s responsibility to protect the devices that access this data.  A compromised PC is used as a pivot point to get to the data.  Also, note that a PC that has been infected with Ransomware is useless for standard clinic operations; thus degrading patient care.

Myth 3 – “If we get Ransomware, we will unplug all computers, use laptops and rebuild”

While this is a viable option, consider the business disruption time and costs to rebuild infected computers.  Is the staff technical enough to make the switch, or are you waiting for your “guy” to show up and help?  Is there data on the local PCs?  Are you doing backups?  If not, the data is gone.

Myth 4 – “We have an antivirus installed already – we’re good right?”

It depends.  Traditional anti-virus can only protect against known attacks.  The latest, next-generation malware protection is far better and defends against known and brand-new (zero-day) attacks.  It looks for attack behavior and can stop them in their tracks.  Ultimately, end-point protection is just one layer of protection against evolving attack mechanisms.  Is a single lock on your front door enough, or do you prefer multiple locks with an alarm system that is monitored by experts?

Myth 5 – “We have a guy that we call when we need IT help”

Because you’re dependent upon your IT systems for the care of your patients, you need technical support muscle behind you for the “if and when” situations that may arise. What happens if you have an IT emergency and your guy is too busy or on vacation?  A managed IT service offers a proactive approach to ensuring that your clinic systems are reliable and running efficiently.  It also provides access to help, when you need it, for a predictable monthly cost.


As medical professionals, I assume that you subscribe to the old phrase “An ounce of prevention is worth a pound of cure”.  The notion also holds true for IT and cybersecurity.


If you have any questions or need some help improving your cybersecurity, please contact me at

Scroll to Top