Hackers aren’t only targeting large health systems anymore.
Medical practices all over the country are struggling with a truly thorny issue: the risk of a cybersecurity attack. In the past, breaches were less of a concern for smaller practices; hackers seemed content to target large health systems. Unfortunately for those in charge of keeping patient information safe, that’s no longer the case.
Patient data is so valuable — and smaller providers are more vulnerable — that hackers are increasingly targeting physician groups. A report from the cybersecurity firm Critical Insight found that the number of attacks on physician groups rose from 2% of healthcare attacks in the first half of 2021 to 12% in the first half of 2022.
One reason for the increase is the number of attacks on EHR systems through business associates (BAs) and third-party vendors. The BA category accounts for 15% of all breaches, with 74 BA breaches reported to the Office for Civil Rights (OCR) in the first eight months of 2022. Of course, the ramifications for fines, remediation, bad publicity, increased cyber security insurance premiums and credibility loss are the same, regardless of whether hackers gained access to the practice’s system directly or through one of their third parties. <Read More>
Michelle’s Take – Smaller medical practices are now becoming targets. So, it’s imperative that they understand cyber risks and protect their systems. Having a cyber liability policy with a company that is dedicated to healthcare will provide risk management to protect your data before an attack occurs.