According to research released by Accenture, 83% of all physicians have been cyber attacked within the last 12 months. The study was performed between July and August of 2017 and had 1,300 physician respondents.
The most common cause of the attacks was, not surprisingly, phishing. Phishing is the sending of email that looks completely normal or safe but contains a link to something malicious. Once the user clicks the link, they are infected with some sort of malware that allows an attacker to take over the computer. The attacker then uses the compromised computer to access patient records. More than half of those surveyed indicated this was the way they were cyber attacked. In second place was malware, with just under fifty percent. This would include ransomware. This means that nearly fifty percent of all physicians have been cyber attacked by malware. This is, perhaps, the most dangerous since many don't regard this as a reportable offense. But under guidance issued by the Department of Health and Human Services, ransomware is a breach.
When a site is breached, it takes time to download the massive databases of patient records to an attacker's computers. But if no one at the practice is watching, then it doesn't matter how long it takes. On average, practices that are cyber attacked take 6 months to notice the breach.
This is apparent with news of breaches such as Peachtree Orthopedics in Atlanta. In this hack, 543,879 patient records were compromised and placed for sale on the dark web. It was months after Peachtree Orthopedics was cyber attacked that they noticed the breach. Most of these attacks occur without physicians or practices ever knowing about it. It's not until the data is found online by a third party or, in this case, the hacker contacts the practice for a ransom payment, that the breach is discovered.
Once this data is stolen, it often ends up on black market websites for sale to the highest bidder. This means that patient personal information is exposed.
Cyber attacks lead to downtime
The study found that two thirds of all practices suffered up to 4 hours of downtime before they could restore normal operations, while one third were able to get back to work within one day. This only takes into consideration getting back up after a breach. It's not dealing with the fallout from the breach itself. That would include notification of HHS, patients, and media about the details of the breach.
Could your practice recover?
If your practice suffered a breach, and the data suggests you likely already have, could you restore back to normal operations within 24 hours?
How would you do it? Do you have a reliable backup system?
Have you tested it to be sure? Do you have methods in place to detect breaches if they occur?
If you would like to learn more about how to protect your practice and your patients' privacy, then contact Iron Comet at 770-506-4383 for your evaluation. We can help protect your livelihood and your reputation.
If you would like to learn more about this study, head over to the article at the Inc website, here.