Successful cyberattacks on medical organizations are on the rise—according to the HIPAA Journal, health care data breaches have doubled since 2014, and there was a 25% year-over-year increase in 2020.
Still, it can be easy to assume your medical practice isn’t at risk. You may think, “I have an IT team/provider; they can protect us from all that.” Unfortunately, they probably can’t—most small IT teams/providers cannot keep up with managing potential cyberattack threats.
A data breach is no joke. It can have serious consequences for your practice's finances and reputation, as well as for your patients' care and safety. That's why more and more small- and medium-sized practice owners need to consider an outside partner to help keep their valuable patient information safe.
Why Cybercriminals Target Health Care Practices
Your practice is a goldmine of highly desirable patient data in the form of protected health information (PHI). This PHI includes patient medical histories, Social Security numbers, credit card information, dates of birth, email addresses, phone numbers and other information that attackers can monetize or use for identity theft.
How a Cyber Defense Firm Can Help
Hackers use "vulnerabilities," which are flaws in software or in how it is configured, as a means to get access to PHI. A hacker exploits these vulnerabilities to run malware, escalate to administrator privileges or engage in other nefarious behavior.
The Cybersecurity & Infrastructure Security Agency (CISA) tracks vulnerabilities that are actively being exploited and posts them in its Known Exploited Vulnerabilities catalog on its public website. But since new vulnerabilities are disclosed every day, most small IT teams/providers don't have the time or expertise to evaluate and remediate them appropriately.
A good cyber defense firm has the right tools and technology to safeguard your systems and data. They can provide you with “threat intelligence,” analyzing each vulnerability to determine:
- Is it a legitimate and credible threat to your organization?
- What’s the risk level to your environment?
- What action, if any, should you take?
For example, consider the recent Follina vulnerability (CVE-2022-30190) in the Microsoft Support Diagnostic Tool (MSDT), which attackers reached through Microsoft Word documents. US ENT learned about Follina from the cyber defense firm we partner with, DKBInnovative. DKB determined that Follina was a credible threat; hackers were exploiting it by sending emails with malicious Word document attachments. Once a user opened or even previewed one of these documents, the document caused Word to launch MSDT, which ran the attacker's code with the user's privileges, installing malware that allowed a hacker to take control of the computer and putting our security at risk.
At the time, Microsoft hadn't yet provided a patch to fix the issue, so DKB immediately tested and deployed a script to all the endpoints they support to protect their clients from this threat. They had best practices in place to reduce the chances of these malicious emails getting through and mitigations in place to stop Follina even if someone on our team did open a dangerous attachment. Read more about DKB's Follina advice here.
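To make the kind of pre-patch mitigation described above concrete, here is an added PowerShell example (written for this page, not DKB's script) that applies Microsoft's published Follina workaround: back up and remove the ms-msdt: URL protocol handler so a document can no longer launch MSDT, and, as defense in depth, turn on the Microsoft Defender attack surface reduction rule that blocks Office applications from spawning child processes. The backup folder path is an assumption; the registry key and the ASR rule ID are Microsoft's documented values. The restore function exists so the handler can be put back once the vendor patch is installed.

```powershell
# Added example: pre-patch mitigation for Follina (CVE-2022-30190).
# Follows Microsoft's published workaround (export, then delete the ms-msdt
# protocol handler). Illustrative code, not DKBInnovative's deployment script.
# Run from an elevated PowerShell session; pilot on a few endpoints first,
# because built-in troubleshooters that rely on ms-msdt: links stop working
# until the key is restored.

$KeyPath    = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
$BackupDir  = 'C:\ProgramData\FollinaMitigation'   # assumed path; change to suit
$BackupFile = Join-Path $BackupDir 'ms-msdt.reg'

function Test-MsdtHandlerPresent {
    # $true while the ms-msdt: protocol handler is still registered (vulnerable state).
    Test-Path -Path $KeyPath
}

function Disable-MsdtHandler {
    if (-not (Test-MsdtHandlerPresent)) {
        Write-Output 'ms-msdt handler already absent; nothing to do.'
        return
    }
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

    # Export first so the key can be restored after the June 2022 security update.
    & reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $BackupFile)) {
        throw 'Backup of the ms-msdt key failed; refusing to delete without a backup.'
    }

    & reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f | Out-Null
    if (Test-MsdtHandlerPresent) {
        throw 'Failed to remove the ms-msdt handler.'
    }
    Write-Output "ms-msdt handler removed; backup saved to $BackupFile"
}

function Restore-MsdtHandler {
    # Re-enable the handler once the patch for CVE-2022-30190 is installed.
    if (-not (Test-Path -Path $BackupFile)) {
        throw "No backup found at $BackupFile"
    }
    & reg.exe import $BackupFile | Out-Null
    if (-not (Test-MsdtHandlerPresent)) {
        throw 'Import did not recreate the ms-msdt key.'
    }
    Write-Output 'ms-msdt handler restored.'
}

function Enable-OfficeChildProcessBlock {
    # Defense in depth: Defender ASR rule "Block all Office applications from
    # creating child processes" stops Word from launching msdt.exe even if a
    # malicious document gets past mail filtering. Requires Microsoft Defender AV.
    $ruleId = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
    Add-MpPreference -AttackSurfaceReductionRules_Ids $ruleId `
                     -AttackSurfaceReductionRules_Actions Enabled
}

# Typical use on an unpatched endpoint:
Disable-MsdtHandler
Enable-OfficeChildProcessBlock
# After patching:  Restore-MsdtHandler
```

The script refuses to delete the key unless the export succeeded, and re-checks the registry after each change rather than trusting reg.exe's silence, which is the kind of verification you want in anything pushed to every endpoint at once. Keep the backup file with the device until the patch is confirmed installed, then run the restore so diagnostics links work again.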
What was your IT provider’s response to Follina?
If you don’t have a cyber defense firm like DKB monitoring and managing vulnerabilities like Follina, you are in greater danger of being compromised, which can impact your practice in multiple ways.
What’s at Stake
Your Finances—Ransomware is malware that encrypts your files so you can't access them, often while also stealing copies and threatening to publish them unless you pay a ransom. Under HIPAA, ransomware that encrypts PHI is presumed to be a reportable breach whether or not you pay, so beyond the ransom itself you face notification costs and potentially hefty fines, and paying offers no guarantee that stolen PHI won't be published anyway.
Your Reputation—If your practice does experience a data breach, it has the potential to damage your reputation with current and future patients. Some could decide to take their business elsewhere if they feel they can’t trust you.
Your Ability to Provide Care—If your files are held hostage by cybercriminals via ransomware, you won't be able to access your patients' medical records and offer vital care, leaving your practice and patients in limbo.
Your Patients' Safety—Once cybercriminals have their virtual hands on your patients' PHI, they can use it to harm them by stealing their identities.
Just How Vulnerable Is Your Practice?
You can’t protect what you don’t know about—and to mitigate your cybersecurity risks, you need to figure out where you’re vulnerable. Our friends at DKBInnovative have a free tool to help make it easier—their Cybersecurity Scorecard allows you to grade your business in seven critical areas. In minutes, you will have a prioritized plan of specific improvements you can make to enhance your practice’s security measures.
When it comes to cyberattack threats, it’s better to be safe than sorry. Learn more about how a partner such as DKB can help secure your practice against cyberattacks by contacting your regional manager.