A first-of-its-kind survey just released by the American Medical Association (AMA) revealed that a staggering 83% of US physicians have been the target of cyberattacks. The majority of the 1,300 physicians surveyed in the Dec 2017 AMA report also cited dissatisfaction with the level of support coming from the federal government to counter cyber threats to their business and patient privacy.
The primary areas of concern for three-quarters of the physicians surveyed were interruption to business and electronic health security, including compromised patient data. Further, nearly two-thirds of the physicians reported that they lost 4 hours or less after a breach, while 12% lost between 1 and 2 days of productivity.
As seen in the chart below, phishing and malware were the primary vectors of attack at physician offices, with insider threats coming in third.
Who trains or generates the training content for physicians and their office staff? Nearly 40% of physicians surveyed rely on their Health IT vendor to generate security awareness training content, whereas a full quarter hired a lawyer or another third party for this content.
Given these results, physicians are rightly concerned about keeping their practice and patient data secure from future breaches. They cite a significant need for knowledge and for help with developing strategies and plans to fend off future cyberattacks.
Along with these external threats, doctors and hospital administrators need to be aware of threats presented from within. Whether it's a 2-person doctor's office or a hospital serving a major metropolitan area, medical organizations should robustly vet external vendors that service everything from computers to HVAC to networking: any persons that have been granted privileged access into the medical system. The vendors' access controls should be well understood and tightly regulated, to ensure confidential or sensitive data is not exposed if it is not relevant to their operations.
RSI Security's HIPAA compliance consultant professionals have helped both small and large medical organizations with their HIPAA compliance requirements. RSI has also helped to configure individualized cybersecurity plans that are optimized for your specific needs and ensure constant compliance through our managed services.
We can deploy a robust security training and awareness plan that will simulate phishing and malware email attacks to your employees, setting up opportunities for future discussion on what went right as well as identifying areas where they may need to be more vigilant. Our Content Filtering service complements this training by proactively preventing employees from accessing malicious sites, whether through accidental or deliberate clicks on links.
Whether actively managing patient care or charting procedures and history in EMR, a doctor's office is a beehive of activity, and it's understandable that staff focus may not be centered on scrutinizing every email or link or Microsoft Office macro that they come across. That said, it takes just one click to unleash ransomware that can lock up a critical workstation or entire office network, causing downtime and havoc on scheduling.
Talk to RSI about how we can help secure your medical business from cyber threats, to let you fully focus on the critical job of taking care of your patients.
About the Author
Eric Haruki is a technology analyst with over 15 years of experience advising global category leaders such as Samsung, Panasonic, HP, & Cisco on product and brand strategy, market competitiveness, and in areas of untapped product and distribution opportunity. He has produced both syndicated and project work, delivering forecasts, SWOT analyses, road maps, and panel survey insights to research customers around the globe. Eric has contributed to major print and television press outlets and has been a featured presenter at industry conferences. He is driven to find insights through extensive market research and deliver concise and actionable solutions to vendors, leading ultimately to the development of valued downstream goods and services to end users.