
Protecting Patient Data
Cybersecurity Tips for Your Practice


By Scott Morris

Vice President, Chief Information Security Officer
BlueCross BlueShield of Western New York

Date: April 24, 2020

To: All Providers

Cybersecurity is no longer an emerging concern, but a new reality within the health care industry.

During this time of uncertainty, your information could be at risk from scammers sending false emails, phone calls, and texts about COVID-19. You should be extra cautious with anything related to COVID-19, including emails, attachments, social media, and texts or calls to your phone. With threats on the rise, every practice and facility should have cybersecurity measures in place and know the key risks.

As Chief Information Security Officer at BlueCross BlueShield, I’ve seen an increase in the level of sophistication around security threats in our industry. It’s more important than ever to address those threats with strong measures.

For Staff Working Remotely

  • Have a secure home Wi-Fi connection
  • Store laptops and any other necessary materials in a secure location when not working
  • Prevent others (friends and family members) from gaining access to devices; use passwords on personal and work devices
  • Log off or lock workstations when unattended

Additional best practices to protect patient data include:

Create and Maintain Strong Passwords
Strong passwords are your first line of defense against data breaches. Passwords should have at least two of the following:

  • Length – Passphrases, passwords longer than 16 characters
  • Complex – Upper and lowercase letters, numbers, special characters
  • Unique – Don’t reuse passwords
  • Private – Never share passwords
  • Original – Never be based on personal information

We recommend you visit haveIbeenpwned.com to check whether any of your accounts have been compromised.

Utilize Multi-Factor Authentication
Multi-factor authentication adds an extra security layer on top of passwords, requiring users to enter a code from a text or smartphone app. If passwords are compromised, hackers will not get past this checkpoint.


Perform Software and System Updates
Regularly updating your operating systems and applications (also known as “patching”) will help fix security flaws and eliminate threats. Routine patch management should be a priority in your office.


Recognize and Avoid Phishing Scams
Phishing is the practice of sending fraudulent emails designed to obtain private information such as usernames and passwords. Alternate forms of phishing can include “vishing” (voice phishing through phone calls) and “smishing” (phishing through SMS text messages). Errors and misspellings in email messages are often a sign of phishing. Also, if you’re not sure about an email source, it’s best not to click on it. Your office can run phishing drills and utilize a “suspicious email” button within your email application.

We recommend knowbe4.com for more information and phishing training materials.


Establish a Cybersecurity Culture
Make cybersecurity a key component of your practice’s culture and habits. Everyone should know their role in protecting patient data. Regular training and phishing drills can go a long way toward maintaining cybersecurity in your office. For more information about cybersecurity from the American Medical Association, click on the link below.

If any of your office staff has transitioned to remote workplaces, they must remember the best practices listed above.
