pmc logo image
Logo of procamiaJournal URL: http://www.amia.org/meetings/archives.asp
Journal List > AMIA Annu Symp Proc > v.2006; 2006

Formats:
AMIA Annu Symp Proc. 2006; 2006: 981.
PMCID: PMC1839598
Copyright This is an Open Access article: verbatim copying and redistribution of this article are permitted in all media for any purpose.
Physician Office Readiness for Managing Internet Security Threats
K Keshavjee, MSc, MD, MBA, N Pairaudeau, BA, and A Bhanji
InfoClin, Toronto, Ontario, Canada
Abstract
Internet security threats are evolving toward more targeted and focused attacks. Increasingly, organized crime is involved and they are interested in identity theft. Physicians who use Internet in their practice are at risk for being invaded. We studied 16 physician practices in Southern Ontario for their readiness to manage internet security threats. Overall, physicians have an over-inflated sense of preparedness. Security practices such as maintaining a firewall and conducting regular virus checks were not consistently done.
Introduction
The number of Internet security threats is increasing dramatically. A recent report showed an increase of over 140% percent in the number and severity of Internet security threats in the last 6 months of 2005.1 These threats include viruses, trojans, spam, spyware, phishing, pharming, intruder and many other ever newer, ever more nefarious threats. The advent of new medical technology for physicians, such as electronic medical records and electronic prescribing systems is exposing medical clinics to these newer threats.
Although many organizations have made recommendations about privacy and security practices for medical clinics, there are few studies that actually address physician office readiness to handle Internet threats.
Methods
We used questionnaires, site assessments and actual detection of threats using an advanced, monitored Internet security device (ISD), capable of providing real-time detection and management of common internet threats to study physician practices. We sought to understand physician knowledge, perception and readiness to address various risks.
16 physicians in Southern Ontario who use the Internet in their practices were recruited for the study. They filled pre- and post-study questionnaires. All sites were assessed for presence of firewalls and virus, spyware and spam detectors on all workstations. Frequency of updates and scans was assessed.
Results
Physicians in the study had good awareness of internet threats and indicate they are aware of Federal and Provincial privacy legislation. Most physicians felt their practices were in compliance with legislation. Physicians in the study had an elevated sense of their ability to withstand Internet threats and most felt comfortable with their current security practices and most felt safe in using the Internet.
However, physicians in the study were poorly equipped to handle these newer threats. Although most physicians had a firewall, none actively managed them. 80% of computers in the practices studied had a virus checker. Tellingly, only 60% had an updated virus checker and only 40% of workstations had had a scan within the past month. Fewer practices had spyware or spam detectors.
Discussion
Passive firewalls and infrequently updated virus checkers are poor defenses against determined attackers who are increasingly less likely to be amateurs and students and more likely to be part of organized crime, determined to steal identities and to utilize vulnerable computer networks for spreading spam and viruses.
Recommendations
As physicians get newer electronic technologies and use the Internet for coordinating and informing care, they need better security tools to help them protect their personal and patient data and to protect their networks from exploitation for inappropriate purposes.
Organizations wishing to increase utilization of technology in community physician offices need to carefully consider the vulnerability of these locations and provide adequate, monitored and managed protection from Internet security threats and regular preventive workstation and network upgrading.
References
1. Turner D, Entwisle S, et al. Symantec Internet Security Report Jul–Dec, 2005. [Accessed Mar 12, 2006]. https://enterprise.symantec.com/enterprise/whitepaper.cfm?id=2238.
2. Kelly G, McKenzie B. Security, Privacy, and Confidentiality Issues on the Internet. J Med Internet Res. 2002 Nov 22;4(2):e12. [PubMed]
Articles from AMIA Annual Symposium Proceedings are provided here courtesy of
American Medical Informatics Association

PubMed articles by these authors

Links