Cybersecurity and Technical Patient Privacy Protection.

Abstract

Plastic surgery offices are subject to a wide variety of cybersecurity threats, including ransomware attacks that encrypt the plastic surgeon's information and make it unusable, as well as data theft and disclosure attacks that threaten to disclose confidential patient information. Cloud-based office systems increase the attack surface and do not mitigate the effects of breaches that can result in theft of credentials. Although employee education is often recommended to avoid the threats, a single error by a single employee has often led to security breaches, and it is not reasonable to expect that no employee will ever make an error. A recognition of the two most common vectors of these breaches, compromised email attachments and surfing to compromised websites, allows the use of technical networking tools to both prevent email attachments from being received and to prevent employee use of unsanctioned and potentially compromised websites. Further, once compromised code is allowed to run within the office network, that code must necessarily make outbound connections to exploit the breach. Preventing that outbound traffic can mitigate the effects of a breach. However, most small office network consultants design firewalls to only limit incoming network traffic and fail to implement technical measures to stop the unauthorized outbound traffic that is necessary for most network attacks. Detailed techniques are provided which can be used to direct IT consultants to properly limit outbound network traffic as well as incoming email attachments, with more information at https://officenetworksecurity.com.