Sophisticated cyberattacks are crippling healthcare providers—with particular impact on smaller practices—by posing a threat to core functions and patient privacy, according to new research.
Findings reveal that 22% of small practices and 45% of large practices have experienced a ransomware attack at some point, with numbers rising in the past three years, according to Software Advice’s Healthcare Data Security Survey. Small practices risk more significant losses in the event of a cyberattack, often due to lack of training and inadequate security technology.
The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and FDA recently urged healthcare providers to prepare for cyberattacks as organized criminals are increasingly targeting healthcare practices. According to Software Advice’s survey, the majority of both small and large practices said between 81% and 100% of all their data is stored digitally. This increases the risk of security vulnerabilities as hackers can infiltrate healthcare providers remotely using deceptive techniques.
Breaches are becoming more common, and human error is often to blame, survey data showed. Roughly 23% of small practices have experienced a data breach, and nearly half (46%) of these breaches were caused by avoidable human error. Therein lies the problem: Software Advice found that 42% of small practices and 25% of large practices spent no more than two hours on IT security and data privacy training in 2021.
“Healthcare cyberattacks are happening daily and are targeting patient data, management systems, and medical devices at vulnerable medical practices,” says Lisa Hedges, associate principal medical analyst for Software Advice. “Preparing for attacks is crucial because losing patient data can be detrimental to treatment plans and diagnoses.”
Losing data poses the greatest risk for patients as critical information on medical history and treatment plans can be lost entirely. Both small practices (14%) and large practices (11%) permanently lost their data after either making no attempt to pay a ransom or paying but still not recovering their stolen data. One in five representatives from small practices didn’t know if they had a formal cybersecurity response plan, and another 49% said that they definitely did not.
Regardless of medical practice size, preparing for cyberattacks is imperative as risks have increased and hackers are becoming more advanced. Read the full survey and analysis on Software Advice. Medical providers can also explore cybersecurity software and a guide to strengthen their healthcare data security to help bolster their defenses.