49% of small medical practices don’t have a cyberattack response plan
Sophisticated cyberattacks are crippling healthcare providers by posing a threat to core functions and patient privacy, according to Software Advice survey.
Findings reveal that 22% of small practices and 45% of large practices have experienced a ransomware attack at some point, with numbers rising in the past three years. Small practices risk more significant losses in the event of a cyberattack, often due to lack of training and inadequate security technology.
The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and FDA recently urged healthcare providers to prepare for cyberattacks as organized criminals are increasingly targeting healthcare practices. According to the survey, the majority of both small and large practices said between 81% and 100% of all their data is stored digitally. This increases the risk of security vulnerabilities as hackers can infiltrate healthcare providers remotely using deceptive techniques.
Breaches are becoming more common, human error is often to blame
23% of small practices have experienced a data breach, and 46% of these breaches were caused by avoidable human error. Therein lies the problem: 42% of small practices and 25% of large practices spent no more than two hours on IT security and data privacy training in 2021.
“Healthcare cyberattacks are happening daily and are targeting patient data, management systems, and medical devices at vulnerable medical practices,” said Lisa Hedges, associate principal medical analyst for Software Advice. “Preparing for attacks is crucial because losing patient data can be detrimental to treatment plans and diagnoses.”
Losing data poses the greatest risk for patients as critical information on medical history and treatment plans can be lost entirely. Both small practices (14%) and large practices (11%) permanently lost their data after either making no attempt to pay a ransom or paying but still not recovering their stolen data. One in five representatives from small practices didn’t know if they had a formal cybersecurity response plan, and another 49% said that they definitely did not.
Regardless of medical practice size, preparing for cyberattacks is imperative as risks have increased and hackers are becoming more advanced.