• Edinburgh: 0131 625 9191
  • Glasgow: 0141 428 3258
  • Galashiels: 01896 550991

Practical Steps to Protect your Practice

Date: 16/05/2017 | Data Protection & Information Law, Healthcare

The global cyber-attack that hit the NHS in Scotland and England over the weekend was reportedly the largest in NHS history. As GPs and dentists logged on to their computers following the weekend, many found that they too had been targeted, resulting in a partial or complete shut-down of their practice until the issue can be resolved.

Naturally, many practices (as well as businesses beyond the Healthcare sector) who haven’t been targeted are still concerned about what they can do to limit their exposure to a potential hack.  Below is a list of practical steps that you can (and should) take to make sure that you protect your practice as much as possible in these crucial next few days.

  • Back up important data. The single most important thing you can do to mitigate the risks which ransomware can pose to your practice is to back up all data on a regular (ideally daily) basis. You can’t be held to ransom for data which you hold somewhere else!
  • Make sure your Windows updates are all fully installed and up-to-date. Microsoft released a security patch for Windows in March and has advised that businesses install this update immediately.
  • Ensure your anti-virus is up-to-date and run a scan.   If you don’t have anti-virus protection, install it now from one of the reputable vendors.  Most will come with an initial free trial period.
  • Be careful what you click on.  You should only click on emails that you are sure came from a trusted source.
  • Don’t log into personal emails on your work machines. It’s most likely that your office emails are routed through a strong anti-virus/spam filter, but it’s unlikely that your personal emails will have this protection. 
  • Avoid accessing social media or forum websites from work computers. These websites are more prone than others to hosting malicious software.  Whilst the main platforms themselves may be safe, they often contain links to less secure sites that can contain malware.
  • Do not click on links inside cookie banners.  There have been reports of malicious software infecting machines through links contained in cookie banners that appear on most websites.
  • Speak to your staff.  Ensure that all of your staff are made aware of the risks faced and these simple practical steps.  If necessary update your internal procedures to restrict access to certain sites, even if only in the short term.

Finally, if you have had the misfortune of having your network infected, do not do anything without first seeking specialist help. To date, many who have paid the Bitcoin ransom have not received the necessary code to get their files back. Experts are therefore advising those affected not to pay the ransom.

If you have any concerns or questions about how to implement any of the steps above, or how best to communicate the issues to your employees or patients, don’t hesitate to get in contact with a member of the Davidson Chalmers Healthcare team.

The matter in this publication is based on our current understanding of the law.  The information provides only an overview of the law in force at the date hereof and has been produced for general information purposes only. Professional advice should always be sought before taking any action in reliance of the information. Accordingly, Davidson Chalmers LLP does not take any responsibility for losses incurred by any person through acting or failing to act on the basis of anything contained in this publication.

Written by

Craig Stirling | Davidson Chalmers Stewart
