5 Tell-Tale Signs That Your Medical Practice Has Been Hacked

By: Daryl Smith on July 19th, 2018

Print/Save as PDF

5 Tell-Tale Signs That Your Medical Practice Has Been Hacked

Data Security

One of the greatest and most costly threats to your dental or medical practice today is a data breach. The healthcare industry loses over $6 billion a year in dealing with the costs of compromised data. In 2017 alone, there were 477 healthcare data breaches, affecting nearly 5.6 million patient records. Your practice is not immune to these threats.

Your office collects names, dates of birth, Social Security numbers, addresses, and entire medical histories. Because medical and dental practices collect so much sensitive information, they are particularly attractive to cybercriminals. Hackers will use many different methods to break into your network or website to steal information and sell it on the open market. Stolen data is then used to steal people’s identities.

Data breaches are expensive. Costs include: forensics to detect and try to fix a breach, compliance personnel to evaluate your procedures, auditors, government notification, HIPAA fines, and settlement of lawsuits. Even more than lost revenue, you should be concerned about lost brand value, as patients may leave your practice and new patients will stay away. The issue is that even with proper safeguards in place, data breaches can still occur at your practice.

Do you know what to look for in a managed IT service provider?
Download our checklist to learn if you’re making the best choice for your practice.

Download Now

So, how do you know if you have been hacked? Here are a few signs that should warn you that your network or website may have been compromised:


1. Unauthorized Programs Installed on Your Network

If your practice’s network has been hacked, you may notice an unfamiliar program that was not authorized, documented, or installed by anyone within your organization. You might see programs requesting access. Be suspicious. While there may be an innocent explanation, this can also be a sign that a hacker has invaded your network. If you don’t recognize a program, do not click on it until you are positive it was installed by an employee or a trusted IT manager. 

How is it that unauthorized programs become installed on your network? You or your staff may be to blame. When a program is downloaded and installed from the internet, many times other features are “piggybacked” on: plugins and other free programs have a checked box asking if it is ok to install Xyz program. If you don’t uncheck the box, which happens quite often as someone clicks through without paying attention, new things are installed on your network. Many times this is an internet browser or antivirus program that could allow access to hackers.

Some types of programs installed with malicious intent include:

  • Trojans: named for the infamous Trojan Horse, any misleading malware
  • Worms: standalone malware that duplicates itself to spread
  • Backdoor: method of bypassing encryption in a system
  • Spyware: software that enables user to obtain access to information and to transmit it secretly
  • Keyloggers: software that records your keystrokes, a way to steal passwords and other information
  • Ransomware: software that will hold your network hostage and deny you access until you pay the hacker a ransom

You might be wondering if cookies are a security threat. The answer is, they can be, indirectly. While a cookie is a text file and can’t be hacked per se, cookies can be harvested to support malware by pointing a hacker in the right direction toward your sensitive information.

Finally, you might notice that your authorized security software or other programs are uninstalled. Missing programs are a sure sign you have been hacked.

2. Frequent Random Pop-Ups, Etc.

Pop-ups are a very annoying, but obvious sign that something is going on within your network, especially when you are visiting sites that don’t normally give you these pop-ups. Pop-ups are usually caused by one of those random toolbars you see in your browser, or by a program that you didn’t intentionally install.

Your ad-block or anti-pop-up software is usually useless at getting rid of the reason behind the pop-ups, so don’t just turn those programs on and forget about it. Get to the root of the cause. If pop-ups are caused by a virus, it can be like battling email spam, but worse.

If your computer is doing things by itself-if you see the cursor moving or typing appears-someone else has control and you have been hacked. You might suddenly have a slow internet connection. Your passwords might stop working for no reason. If you are unable to reset the password using “forgot password”, your network has been compromised. If you notice anything strange, contact your IT partner. They can detect and fix network infection using several different methods.

3. Spam Emails Sent from Company Computers

Your patients may start to receive spam emails. These emails are particularly concerning because they look like they’re coming from your company. Many of your patients may open these emails, leaving them vulnerable to their own security threats. Spam email may result from someone hijacking and using your actual email address. Spoofing is another way hackers can attack through email; they create a phony email and header that resemble your company’s. Users are lured in by the legitimate-looking email. Receiving spam emails from your trusted dental or medical practice will not only annoy your subscribers, it will make your brand look unsafe. 

What you can do: Monitor outgoing electronic communications. Keep an eye on your sent folder whenever you are checking your inbox to make sure your customers are only getting what you want them to be getting in their inboxes. Watch your inbox to see if you are getting bounce back emails from addresses you do not know. Log in to your email account and change your password.

4. Redirected Internet Searches

One of the most common ways hackers make money is by redirecting you to other sites that pay them based on how many clicks they “steal” from you to get them to appear on someone else's website. Users usually don’t know they are on a site with malicious content. One way to tell if your internet browser has been hacked is to search for some unrelated keywords to see what results come back. If the same site appears in the results, it’s likely that your browser has been breached.   

Any toolbar programs that are new or out of the ordinary could indicate that you are being redirected. Check to see if your internet browser homepage looks different. Monitor your server and if your browser is showing you content from different sources or servers, you might be compromised.

5. Website Issues

You obviously worked hard and spent a lot of time/money getting your site looking perfect, and all of your content looks great. So where did the random content on one of your pages come from? You didn’t write it.

Now you start clicking some links, and get sent to pages selling knock-off watches and cheap medications. This is a HUGE sign that a hacker has mirrored your site onto his own network. The hacker gets paid by increasing traffic to those sites, so putting those links on your site just makes him money.

Notify your IT partner immediately if you notice that visitors to your home page are redirected or other security programs are flagging your site as unsafe.


While there are certainly other signs that your practice’s network has been breached, these are certainly some of the largest warnings.

The problem is that hacker software is hard to detect, and once installed on a system it can’t be removed by anti-virus/anti-malware. The software is embedded and mimics Windows system files. It will replace a system function with itself, looks and acts like operating system, creates access for criminals.

Although antivirus and anti-malware is always running to catch up, it is still important to use it consistently on your practice’s network. Use your best judgement and keep a regular network maintenance schedule. You can never be too cautious when it comes to patient data. If you are experiencing some of these issues now, don’t wait! Contact your IT vendor immediately to get your data back under lock and key. Don’t risk downtime, loss of data, or taking a financial hit due to hacker activity.