|Articles|June 25, 2016

How cyberattacks can impact physicians

Author(s)Mary K. Pratt

Data thieves are getting craftier with their methods-and are actively targeting healthcare records.

To criminals, your practice’s most valuable asset isn’t a high-tech medical device or a pricey piece of diagnostic equipment. It’s your patient records.

Those records are the asset most vulnerable to theft, too. 

What does that mean for physicians? Plenty. In an increasingly interconnected industry, an attack on one could affect many. Every player in the system—from the largest hospital system down to rural solo practitioners—is facing a heightened risk.

“There could be a consequence upstream if there’s a breach. A breakage or disruption at one site can have that cascading effect,” says Lee Kim, JD, FHIMSS, director of privacy and security at the Healthcare Information and Management Systems Society, a nonprofit organization focused on improving healthcare through information technology.

 

Further reading: Tips to improve cyber security and protect your practice's finances

 

Consider the findings from the Ponemon Institute, a public policy think tank. Its recent report, “The State of Cybersecurity in Healthcare Organizations in 2016,” found that the 535 healthcare organizations surveyed averaged almost one cyberattack per month over the past 12 months. Moreover, 48% of the IT and IT security practitioners polled said that their organizations experienced an incident involving the loss or exposure of patient information during this same 12 months.

Perhaps more telling is how respondents, who come from various healthcare organizations and government agencies, feel about their ability to protect and respond: Just one-third said they’d rate the cybersecurity at their organization as very effective.

A more chilling observation comes from the Institute for Critical Infrastructure Technology and its report, Hacking Healthcare IT in 2016. It pegged the industry as the most targeted, yet least prepared for, cybersecurity threats.

The impact of the healthcare industry’s cybersecurity stance is significant: According to the Office of Civil Rights (OCR), 2015 saw 253 healthcare data breaches affecting 500 or more individuals. Together, those breaches affected more than 112 million records. Meanwhile, the Bitglass 2016 Healthcare Breach Report has found that one in three Americans have been victims of healthcare data breaches.

 

More technology news: Why is EHR use dropping?

 

Tom Stafford, PMP, vice president and CIO of Halifax Health, a hospital system headquartered in Port Orange, Florida, says the recent rash of cyberattacks against healthcare institutions is prompting executives—board members, upper management, IT leaders and cybersecurity experts—to put even more attention on security measures.

Internal server error