Safeguarding Your Healthcare Practice in the Age of Cybersecurity
The email address is a familiar one, and it’s got nothing out of the ordinary when you open it. The message is semi-concerning, but you get hundreds of emails a day, and there’s nothing that is getting your inner alarm bells ringing about an issue.
That’s how they get you. Hackers are able to make just about any email look like a normal one. It is way beyond the days where you would get a couple messages each day about a Nigerian prince who mysteriously wants to send you thousands of dollars once you just happen to give him your bank account number. Hackers now are highly intelligent and have sophisticated devices that can trick the most well-intentioned people to allow them access into the servers of any business.
For any healthcare practice, having your servers hacked is a nightmare on a whole other level. That’s not just people’s social security numbers and contact information stored in your network; that’s lives and conditions and so much more. The costs would be enormous to try and recover from such a hack, and that does not even count the betrayal of trust that patients would feel, turning their fire and wrath right upon you.
Hacking in the Healthcare Industry
Hacking in the healthcare industry can be a nightmare experience. A recent collaboration between ProPublica and the German public broadcaster Bayerischer Rundfunk found that more than five million patients in the United States, and beyond that many millions more around the world, have their medical images and health data available on the Internet, sitting unprotected, ready to be stolen at a moment’s notice.
The group identified 187 servers in the United States alone that were either unprotected by passwords or had only basic security that any experienced hacker would be able to take over in minutes. The obvious danger is not just an issue for health care providers, it is also illegal; under United States law, healthcare providers are legally accountable for patient data privacy as part of the Health Insurance Portability and Accountability Act (HIPAA), a 1996 law which requires health care providers to keep health data of all American confidential and secure.
With those types of numbers, it is not surprising, unfortunately, that many people in the health care industry do not have the necessary training and education to notice and stop hacking attempts or phishing emails from ruining their servers. A new Kaspersky report revealed that 24 percent of health care employees in the United States have no cybersecurity training, even though they are aware of its value.
Want to know what’s even sadder than that number? That 24 percent looks good compared to Canada, in which 41 percent of health care employees have never received cybersecurity training.
The State of Cybersecurity in Healthcare
The study is called “Cyber Pulse: The State of Cybersecurity in Healthcare” and got feedback from over 1,700 employees in the health care industry. Surveying people in just about every role possible in a practice, some of the other top line material is stunning;
- There have been more than 200 hacking or IT-related health care organization incidents that each have affected 500 or more individuals since January 1, 2019.
- A breached health care provider will spend up to $408 per patient to recover their personal records, and they also will spend up to $1.75 million in advertising in attempts to restore damage done to their reputation throughout their region.
- Only 11 percent of those surveyed said training on cybersecurity occurred during the hiring process, and one in 10 said they were unaware of any office policies about cybersecurity.
- Fully 40 percent of respondents are unaware of cybersecurity measures used to protect IT devices.
Yes, there are a myriad of things that any health care provider must be focusing on at any given time. But cybersecurity, if it isn’t one of those things now, should be! One of the motivations for so many doctors from small practices to large organizations is that they are driven by concern to make people better and give them security and comfort when sick that they will get better. And when you feel that way about treating people who come to your office, you should give that same amount of comfort and concern toward their personal data and making sure that’s as secure as the treatment they receive.
At Med USA, we have decades of experience in the medical field so you can focus on what’s important: Giving the best possible medical care to your patients. Let’s talk about how we can work together on a multitude of medical needs that can lessen the workload of any physician’s office and help you focus on the patients that require your help, including cybersecurity and keeping your patient’s records out of the hands of hackers and giving you peace of mind.
Need Help Securing Your Practice’s Data?
Talk to a Med USA Compliance Expert Today!