In times of increased vulnerability, it can be useful to reframe and refocus ourselves on things that we can do to improve things around us.

With the recent invasion of Ukraine, and the recently discovered intrusion on US computer systems that is suspected to be the work of Russian hackers, it is a good time to brush up on our cyber hygiene and make sure we are doing what we can to keep ourselves, our clients, and in the case of group practices, our teams, secure.

What is “Cyber hygiene?”

These are small steps to keep your online activity safe. Like washing your hands, taking these small measures will help protect you.

Why does it matter?

It is important to make sure that we, as mental health professionals, select the right services to hold our private information private (see our STEP 1: Service Selection for more on this) but also we need to consider the device that is holding the information as private.

Here’s an excerpt from an article Roy Huggins LPC NCC on Holding Safe Space Through Device Security

“Part of what lets vulnerable clients know they can trust us with their stories is the knowledge that we regard those stories as sacred and private.

So that raises a question: how do we hold a safe, secure space when clients communicate with us by email, text, or phone?

It all starts with you… and your devices

You may be thinking that making a safe space for online communications is all about the services we choose: the right email service, the right texting service, etc. You’re definitely right about those things being vital. In fact, we spend a lot of time talking about service selection here at Person Centered Tech. But in this article, I want to highlight the importance of our devices (i.e. smartphones, computers, etc.)

Whatever services you use, appropriate or inappropriate, you still use your own devices to access and interact with those services. Using a secure texting app? Great — is your smartphone prepared to protect the messages you send and receive through that app? How about your emails?

The security of your services is largely the responsibility of the service provider — that’s why you need to be so careful in choosing appropriate providers for your practice. Your smartphone, computer, and other devices, however, are entirely in your own control. To hold a safe space for clients from end-to-end, you need to keep your devices well-secured, too. It all starts and ends with our devices, and we need to make them into places that are safe for our clients’ narratives and other information.”

Steps You Can Take

We are not powerless here. There are clear steps that can protect our devices and the information those devices hold or access.

Turn on multifactor authentication

Authentication is just a fancy word for using a few different ways to verify that you are who you say you are when accessing information. For example, when you sign in you could share a password AND have a code texted to your phone. You may need to confirm your identity through email or fingerprint.

Want to understand more about authentication and HIPAA? Read more about authentication here.

Update everything, including software

In fact, turn on automatic updates. Bad guys like to exploit flaws, and flaws are often patched when the developers release updates. So keep those updates flowing!

You will want to update the operating system on your mobile phones, tablets, and laptops. And, especially, make sure that your web browsers and computer applications are updated too.

Think before you click

More than 90% of successful cyber-attacks start with a phishing email. A phishing scheme is when a link or webpage looks legitimate, but it’s a trick to have you reveal your passwords, social security number, credit card numbers, or other sensitive information If it’s a link you don’t recognize, trust your instincts, and think before you click.

Here are some posts you can place near your desk to help you remember.

Use strong, unique passwords

Protect your account credentials and don’t reuse passwords. This goes a long way to keeping your information private. Using a password manager to generate and store them can take the pressure off your mind to remember them all.

Back up important files now

Backing up data means making exact copies of it. There are many kinds of backups. You choose what works for you. The important thing is that if you lose electronic PHI that you were supposed to hold onto, you should be able to restore it using your backup. If your backup scheme can ensure that, then it works!

Roy shared more about backups here. 

Use a VPN on public internet

Use a VPN, and don’t turn it off. It offers a buffer of protection between your device and the internet by hiding your IP address, your location and encrypting your data. Also, make sure that your home and practice WIFI is password protected.

Stay Calm and Focus on What You Can Do

“Where the danger truly comes from is fear,” said Dave Cundiff, vice president of cybersecurity firm “The fear of the unknown is what gives cyberattacks their greatest power.”

There is no need to stay in fear. PCT has many tools to help you get your devices and services optimized and secure– so you can rest in the knowledge that you are not tackling this alone. There is no need to be afraid.

Our Recommendations For Support

Step 1: Service Selection

Step 1: Service Selection
These services are recommended for their security and use case optimization. Make sure your services; email, video, texting etc, are secured.

Step 2: Training

Step 2: Training
Security Awareness Training. Take this short, inexpensive course as a jolt of supportive fun information about protecting yourself (or your team) in times of increased vulnerability.

Step 3: Device Security

Step 3: Device Security
Vulnerability is for your clients. Not your devices. With Practice Care Premium, you’ll get access to instructional videos with step-by-step instructions to secure all popular makes and models of smartphones, tablets, external drives, and laptops. The Device Security Center makes it super simple to secure smartphones, computers, tablets, external hard drives, etc. Get the hardest part of security and HIPAA compliance done with minimal drama. This is your largest surface area of risk, and something you can navigate with the tools and support available to you.  Learn More here.

Fun Extra: Free HIPAA Security Memes :

A lighthearted way to keep on your HIPAA security compliance needs. Great for Group Practice Security Officers or Solo Practitioners

  • Protect PHI
  • Keep Yourself Safe From Hackers
  • Stay HIPAA Aware

Created by HIPAA Security Compliance experts Roy Huggins, LPC NCC and Liath Dalton to help you stay on top of your compliance needs in a fun, engaging way. Learn More

More Information from

USATODAY | Americans are at higher risk of Russian cyberattacks after Ukraine invasion: What you should do right now

Cybersecurity & Infrastructure Security Agency (CISA) “Shields Up” | 


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss