By Nathan Pinskier, Chair, RACGP Expert Committee – eHealth and Practice Systems
Be honest: when you receive a prompt to update an app or program, do you usually sigh and click the ‘not now’ button? Updates can be a real distraction and an annoyance. They get in the way of doing what it is you were wanting to do at that moment. And let’s face it, do they really always matter? Maybe yes, maybe no…
What about in your clinical world? How often does your practice run the updates for your management software, clinical information system, secure messaging software and desktop operating systems? Monthly? Weekly? Daily? On-demand? Do you have the latest operating system patches installed right now? Are these patches or updates installed on the server and on every PC in the practice? How do you monitor this? How do you know?
Most organisations either delay these activities or do not have robust systems to monitor the update status. Between the restarts, the install times and data migration requirements, or the cost of purchasing new or updated software and the time it takes to train or monitor staff, updating and upgrading can be a bother. It’s something that can be done later, mañana.
But the consequences of delaying these tasks can be significant and potentially catastrophic.
In 2017, the WannaCry ransomware hit hundreds of thousands of computers across 150 countries. If your computer was infected, you were faced with a nasty choice: pay the hackers a neat little sum within 72 hours, or watch on as they delete all your data. In the UK, the epicentre of the cyberattack, 595 general practices were targeted. Payment is not an option either as the unlock code is rarely provided. Hackers apparently don’t play nice! The Australian Government Stay Smart Online website states, “We recommend that you do not pay the ransom if affected by ransomware. There is no guarantee that paying the ransom will fix your computer, and it could make you vulnerable to further attacks. Restore your files from backup and seek technical advice.”
For businesses affected by attacks like this, there is more at stake than the ransom money. Downtime means lost revenue. For healthcare businesses, patient data may be lost or compromised, a huge issue even before you consider the potential for fines associated with privacy breaches and reputational damage.
The WannaCry hackers preyed on a weakness in old versions of Windows. Microsoft became aware of the problem and released an update to patch it in supported versions of Windows before the hackers unleashed the virus. It spread because many businesses and users hadn’t gotten around to upgrading or updating their systems. Many large companies are still using old and unsupported versions of Windows.
There are other benefits to keeping your software and systems up-to-date. With new releases come new and improved features that can increase operation speed and enhance useability. The latest version of your software will probably have functionality that could improve overall workflow.
Regular maintenance of software and systems is an essential element of practice management. This includes your operating system, clinical information systems, and antivirus or other protective software. An IT consultant can help your practice establish and implement a schedule for updates and upgrades. Your role as a practice owner or manager is to define the terms of the relationship with your IT support consultant and to monitor performance. You don’t need to do it all, but you do need to know that it is being done. The key is to establish a robust and transparent governance process.
In February, the RACGP released Information security in general practice, a guide to assist you to protect your personal information and practice data. It includes information on how to meet relevant requirements for accreditation against the RACGP’s Standards for general practices (5th edition).
Stop delaying those updates, and start thinking about whether it is time to upgrade and how those upgrades can be maintained over time. It might just prevent a major disaster down the line.
Preserve, prevent, protect!
RACGP members can continue the conversation on shareGP