EHR and practice management for mental / behavioral health

Will Your Employees Get You Hacked?

by Donna Koger, 3.8.18

According to cybersecurity experts, there are 5 things your employees are doing that will get you hacked. And you are not alone if you have been remiss in making sure your staff is fully trained on hacking and the dangers it poses to a small business.

Out of 2,000 small business owners surveyed, there was enough data to indicate nearly half are at risk of being hacked because they are not investing enough in cybersecurity. But there are some simple things that can help you avoid the unthinkable – getting hacked – and paying huge fines for exposing your PHI.

You need to train your employees to be aware of 5 things…

Being Lazy

Do your employees assume the IT department is taking care of cybersecurity or otherwise don’t believe they have to worry about it? Tell them to think again.

Unprotected Email

Your company can invest in a service that provides email encryption, such as EmailPros, or you can have your employees (or IT department) set up 2-step verification in their email app, such as MS Outlook. There is plenty of information about 2-step verification on the internet, or you can ask your IT department.

Clicking on Fake Emails

According to cybersecurity companies, “91 percent of cyber attacks begin with a spear phishing email.” These emails can entice employees to click and share sensitive information, such as usernames and passwords, with potential hackers. They tend to look authentic, but much of the time, checking the address a phishing email was sent from will tell you it is not legitimate. This isn’t always the case, so everyone must be extra diligent in examining all unsolicited emails. Phishing scams usually insert ransomware that infects not only computers, but also mobile devices and networks.

Lousy Passwords

Can you believe the most common password today is “123456?” How easy do you think it would be to crack that password to gain access to someone’s computer or mobile device? The same password could be used by one individual on many devices or shared with coworkers, family and friends. As and other resources say, “Chances are, most of your employees are well-intentioned – but clueless when it comes to cyber protection.”

No Backup

Are there employees in your organization who do not back up their data? With PIMSY, your data is backed up to the cloud regularly, so there isn’t any danger there. However, there may be PHI on employees’ computers or other devices that is not encrypted or backed up. Those files can be hit by ransomware or other nasty viruses that give hackers access to PHI or deny employees access to their files. Of course, if it’s ransomware, you will be required to pay a “ransom” before the files are returned to the owner. By then, it’s probably too late to avoid HIPAA fines for your “hacked” PHI.


Donna Koger is the HIPAA and Security Compliance Director of PIMSY EHR. For more information about electronic solutions for your practice, check out Mental Health Practice Management.

Author: pehradmin
