Small medical practices more vulnerable to cyberattacks

Leaders at smaller medical practices often think they are too small to be targeted by hackers, but 22% of smaller practices have been hit by ransomware attack at some point, and those numbers are increasing, according to research from Software Advice.

Smaller practices have a greater risk of significant losses from hackers, because they often lack the training and have inadequate security technology.

The majority of both small and large practices said between 81% and 100% of all their data is stored digitally. This increases the risk of security vulnerabilities as hackers can infiltrate health care providers remotely using deceptive techniques.

Breaches are becoming more common, and human error is often to blame. 23% of small practices have experienced a data breach, and nearly half (46%) of these breaches were caused by avoidable human error. Software Advice found that 42% of small practices and 25% of large practices spent no more than two hours on IT security and data privacy training in 2021.

“Healthcare cyberattacks are happening daily and are targeting patient data, management systems, and medical devices at vulnerable medical practices,” said Lisa Hedges, associate principal medical analyst for Software Advice, in a statement. “Preparing for attacks is crucial because losing patient data can be detrimental to treatment plans and diagnoses.”

Losing data poses the greatest risk for patients as critical information on medical history and treatment plans can be lost entirely. Both small practices (14%) and large practices (11%) permanently lost their data after either making no attempt to pay a ransom or paying but still not recovering their stolen data. One in five representatives from small practices didn’t know if they had a formal cybersecurity response plan, and another 49% said that they definitely did not.