According to a Help Net Security survey, 1 in 5 small healthcare practices didn’t know whether they had a cybersecurity response plan. Another 49% stated that they definitely didn’t have one.
Why might this be a problem? Well, for starters, medical and healthcare organizations are at the top of the list for opportunistic hackers. Attacks against providers increased over 55% in 2020, making it a 13.2 billion dollar industry. Many providers keep digital records of patient files that are secured with old and outdated services. This makes it easy for cybercriminals to go in and compromise any data or patient health information (PHI) they can get ahold of.
The healthcare industry also has the longest breach recovery time, with a 236-day average, and an average breach identification time of 96 days.
Criminals will use different vectors to orchestrate a breach, whether it comes from ransomware, phishing or other social engineering tactics. But it’s not just human error and data protection you should be concerned about. When it comes to breaches, the loss of revenue, downtime and even disruptions to patient care could seriously harm your organization.
If you work at a medical practice, it’s more important now than ever to ensure your organization is maintaining HIPAA security standards. If not, you could receive substantial fines for failing to exercise due care and due diligence as outlined by regulatory requirements. For some basic information on fines you could receive and what you may be liable for, check out our webpage here.