The DoctorLogic Blog
Why you need HTTPS encryption for your medical website
With cyber attacks at an all-time high, it’s more important now than ever before to make sure your practice’s website is HTTPS secure. This is the same type of security that you will find on bank websites, eCommerce sites (like Amazon), etc.
If you previously were not aware of HTTPS cybersecurity, you could already be affected. In August 2014, Google announced, “Security is a top priority for Google… Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure.” Read their full announcement here.
Google’s initiative to make the web more secure is in full throttle right now. In recent news (August 2017), Google sent email notifications through the Google Search Console to website owners that have forms on web pages over HTTP protocol. Google stated, “Beginning in October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page and on all HTTP pages visited in Incognito mode.” Learn more here.
Some of other important facts about cyber crimes and security breaches:
According to revisionlegal.com, “In 2015, for instance, there were more than 177,866,236 personal records exposed via 780 data security breaches, according to the ITRC Data Breach Reports. In 2015, hacks occurred in every single state in the U.S., and the breakdown of the breached targets by type of entity is as follows:
- Businesses were the target of 40% of the security breaches (312 breaches)
- Medical and Healthcare entities made up 35.4% of data breach targets (276 breaches)
- Government or military targets made up 8.1% of cybersecurity breaches (63 breaches)
- Educational institutions accounted for 7.4% of data breaches (58 breaches)
Also in 2015, over 100,000 WordPress websites were hacked that had the Slider Revolution plugin and it uploaded malware to these websites.”
In 2016, DoctorLogic performed a study researching 847 of websites for elective care doctors and we found that less than 4% of those websites were HTTPS secure.
Medical and healthcare entities are one of the biggest targets since over half are on open-source platforms like WordPress and most are NOT secure. This makes them one of the most vulnerable types of business open to these types of attacks.
We consult doctors daily and we’ve heard of some pretty scary scenarios. Here are a few examples:
- A doctor in Arizona had their electronic medical record system breached and a hacker was sending emails to their entire patient list with patients’ before-and-after photos.
- A doctor in Texas had his website hacked and all fonts were switched from English to Chinese.
- A doctor in California recently switched over to DoctorLogic because his previous website wasn’t secure and his site was redirecting traffic to pornography websites. Now that he switched from WordPress to Doctorlogic, he is 100% secure and generating leads again.
To recap, if you are using forms so potential patients can contact your practice, your medical website needs to be HTTPS secure. Additionally, if you are using any type of credit applications inside your website, you need to be HTTPS secure.
If your current website provider hasn’t made you aware of this by now, it might be time to work with a new marketing partner. If they are charging you for this, they shouldn’t. Your site should have been secure three years ago when Google was announcing their focus on security.
All of DoctorLogic’s websites have been HTTPS secure since we launched our first website. It’s one of many standard features that every medical website should have.