Cyberattacks can halt operations, trigger fines and erode patient trust. These four steps can help practices prepare, respond and recover when the inevitable breach occurs.
The consequences of a breach can be devastating. Beyond the immediate operational disruption — computers frozen, EHRs inaccessible, appointments canceled — practices face potential regulatory penalties, lawsuits, and reputational harm. The Department of Health and Human Services (HHS) has issued fines for failing to encrypt data, for not maintaining backups, and for leaving security gaps unaddressed. The HIPAA Security Rule requires covered entities to implement administrative, physical and technical safeguards. Insurance may offset some costs, but liability carriers often require practices to follow specific response protocols. Patients, too, expect transparency and protection of their most sensitive information.
Despite the high stakes, many practices are unprepared. They may rely on outdated antivirus software, leave security responsibilities entirely to vendors, or assume their EHR provider will handle backups. Staff may fall for phishing emails or fail to recognize suspicious activity. As Rana McSpadden, FACMPE, CHPC, CPC, a medical practice consultant with SVMIC, put it during her MGMA Leaders Conference 2025 session: “Don’t just leave this to your IT people, you need to be involved in this process.”
The good news is that there is a playbook. Cybersecurity experts recommend a four-stage approach to incident response: preparation, detection and analysis, containment and recovery, and post-incident review. Each step involves not just technology but also leadership, communication, and training. Practices that follow this structured process can minimize damage, restore operations faster, and strengthen defenses for the future.
What follows is a roadmap for administrators to follow when a breach occurs — from assembling the right response team, to notifying authorities and patients, to learning from mistakes so the next attack does less harm.
The aftermath of a breach is also a reminder that cybersecurity is not just an IT problem but a leadership responsibility. McSpadden emphasized that administrators must “set the tone at the top” by integrating cybersecurity into business strategy, funding proper defenses and promoting staff awareness.
Health care data remains a prime target for cybercriminals. With preparation, rapid detection, decisive containment and continuous improvement, practice leaders can reduce damage and maintain resilience when the inevitable breach occurs.