In 2016,1 a hospital in California was the victim of a ransomware attack. Hackers shut down the internal computer system at Hollywood Presbyterian Medical Center for over a week, encrypting protected patient files, emails, billing, and other sensitive data.
The hackers were demanding $3.7 million in ransom before they would relinquish control of the information obtained from the hospital’s server. Tim Erlin, a spokesperson from the hospital, said that the attack “seriously degraded their ability to deliver care.”
Attacks like this are becoming increasingly common, and medical businesses are a big target. Cyber attacks can derail business operations, cost companies thousands of dollars, and damage brand images.
Cyber attacks and data breaches have become a recurring trend in today’s society, and the most valuable currency is customer data. In the medical business world of sensitive medical records and HIPPA-protected patient files, virtually all patient and company data is prized by hackers and worth protecting for your practice.
As breaches become more common and destructive, organizations are still perplexed about coverage and, ultimately, uncertain about cyber insurance being a necessity. In this era of increasing regulation and public awareness of data security risks, you don’t want to risk critical information falling into the wrong hands. Every practice should consider their exposure level in the event that sensitive data is compromised, but for the medical business community, cyber security needs to be a top priority.
Data is everywhere. We store it in our internal business systems and in the cloud. We collect it from our clients and share our data with business partners. Leaders need data, value it, and are able to amass it. We carry data with us and leave a digital footprint every day. Technology providers help us store it forever and share it globally. In the data breach era, leaders face greater risk if they fail to protect data throughout its lifecycle.
Email is an easy access point and hackers can deploy massive attacks by sending out blanket emails waiting for a bite—giving them access to your practice’s sensitive information—or worse, your patient’s personal information. Medical practices are more susceptible to cyber attacks because many of their employees have access to patient information and medical records. These employees constantly work over email sharing company data, and often times aren’t properly trained on how to recognize or respond to these types of incidents.
Data breaches can be expensive and are difficult to avoid. In a recent study, more than 50% of small- to mid-sized businesses surveyed stated they faced a cyber-security attack, and the average cost of a data breach has increased to a staggering $5.9 million!
As data breach consequences grow, leaders must understand their data security risk. Companies face increased scrutiny from regulators, litigants, business partners, and their customers so leaders must make timely data security decisions. A data security strategy helps leaders make risk-informed decisions before their actions are reviewed after a breach.
Why small- and mid-sized practices are at risk
We hear about large-scale cyber incidents on the news all the time, but cyber criminals are focusing more and more of their efforts on small and mid-sized businesses. According to Chubb, 62% of all cyber breach victims are small and midsize enterprises (SME’s). Experts expect that this trend will continue to rise.
One reason that cyber criminals are increasingly hitting SME’s is that many smaller operations do not have dedicated cyber security teams, and mistakenly believe that the expense of onboarding a cyber security expert is beyond their budget. This opens such businesses up to be an easy target for cyber criminals.
According to Patrick Theilen, SVP at Chubb, “Cyber criminals typically don’t target specific small businesses, but they increasingly use tools that target the vulnerabilities of small businesses. Those vulnerabilities are sometimes technical, like unpatched software or poorly configured hardware. Even more commonly, those vulnerabilities are simply employees who may use weak or compromised passwords, or may inadvertently click something they shouldn’t have.”
All medical businesses face their own types of cyber risks, and while they may not be completely avoidable, having a prevention plan, educating your employees, and proper cyber liability insurance coverage can protect your practice from the financial and operational dangers of a cyber security breach.