Data breaches within the healthcare field reached an all-time high in 2021, according to a recent report from Critical Insight, with the majority being linked to hacking and IT-related incidents. If you are a healthcare or dental provider operating a small practice, you and your patients could be at risk. Here’s what you need to know.
Cyberattacks on providers are increasing
Overall, researchers found an 84 percent increase in data breaches between 2018 and 2021; the number of individuals affected tripled from 14 million to 45 million in the same period. While every sector of healthcare is targeted by cybercriminals, there has been an alarming rise in the number of providers who’ve been impacted by a data breach.
Providers accounted for nearly 73 percent of data breaches in 2021, and according to the report, outpatient and specialty clinics faced a 41 percent increase in hacking/IT incidents last year. Why?
Cybercriminals understand that larger entities may have extensive security measures in place, however, smaller practices often lack the resources to constantly monitor their systems. That, combined with the increased stress brought on by the coronavirus pandemic, makes small practices and individual providers the perfect targets.
According to the results of the 2021 HIMSS Healthcare Cybersecurity Survey published in January 2022, 67 percent of respondents stated that in the past 12 months, their organization combated significant security incidents.
The HIMSS survey also determined that phishing continues to be the top type of cyberattack that targets healthcare businesses, followed by ransomware, which has been growing substantially in recent years.
The Most Common Attacks
A phishing attack involves sending fraudulent communications that appear to come from a legitimate source. For example, an employee may recieve a password reset notification that, at first glance, appears to be from your company. They click the link, “reset” their password, which requires them to enter their current password, along with the new password. After they click submit, the phisher has access to their password – and everything it unlocks.
Ransomware is malicious software that blocks encrypts important data or blocks access to an essential system until a ransom is paid. Ransomware is used to extort money from victims by threatening to either delete the files or sell the data on the dark web if the ransom isn’t paid.
The results also determined that when it came to these attacks, obtaining financial information was the most frequent goal.
The Impacts of a Cyberattack
Recently, our COO/CIO Christian Doroja appeared on the Canadian Dentist Podcast where host Dr. Carlo Biasucci shared what he experienced when his practice was targeted by cybercriminals.
We’ve actually had ransomware twice on our server in the practice, and your whole life is in that little box … Everything is just coasting along and then, boom, it’s gone and you realize it is impossible to run your day.” – Dr. Carlo Biasucci
If your practice falls victim to a cyberattack, it could take days – or weeks – to return to normal operations, assuming access to your data can be restored. Being unable to run your day-to-day operations can be crippling for a small business, plus there is a risk of fines for non-compliance or lawsuits over data breaches. Ransomware attacks can carry additional financial burdens. You could also lose your patients’ trust, which is a key factor in providing their care.
It is much more cost-effective – and considerably less stressful – to avoid a cyberattack than to have to recover from one. Having a dedicated team of experts like ours handling your IT is one of the best ways you can ensure your business doesn’t suffer the consequences of a cybersecurity incident.
If you’d like to learn more about how we can help protect your practice and your patients or to claim your free cybersecurity audit, send an email to sales@metallicit.ai.