What a Cyber Attack Will Cost Your Ophthalmology Practice
While you are busy caring for your patients and improving their eyesight, cyber attackers are working just as hard to infiltrate your systems. They will search until they find the most vulnerable prey (practices with minimal security) and then launch a silent attack to steal your patient information.
The Identity Theft Resource Center (ITRC) defines a data breach as “an incident in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure.”
Patient records are overflowing with sensitive information such as credit card numbers, insurance information, birth dates and medical history – information that can be used for criminal activity and identity theft. Beyond patient records, technical equipment in your office is also at risk from cyber attackers. As more and more ophthalmologists turn to computer-guided systems for treatment, the networking capabilities of these systems can be hacked to reveal sensitive information. Worse yet, the settings of these intricate devices could be disrupted, leading to inaccurate treatment and disastrous results.
How Healthcare has been Affected
The ITRC has reported 8,190 data breach incidents from Jan. 1, 2005 through Dec. 20, 2017, exposing over 1 billion records. While the business sector sustained the most activity in 2017 at 50%, the medical/healthcare industries were a close second at 28%.
After the Attack
Once your practice is hacked, it will be a scramble to take charge of the situation, identify how the breach has affected your database or technologies and put safeguards in place immediately. This costs money to correct – plenty of it.
The Ponemon Institute has reported that breaches in health data security cost the U.S. healthcare industry a whopping $6.2 billion.
The actual cost of a cyber attack will depend on the size of your practice and the damage done, including security-related HIPAA violations. Large medical centers could end up spending millions of dollars to recover while smaller practices may be faced with bills amounting to hundreds of thousands of dollars.
Cyber criminals have become clever in demanding ransom money from practices in return for patient data. Unfortunately, when faced with this situation, many practices end up paying the ransom in order to quickly resolve the situation. There is no right answer when it comes to ransomware decisions; your practice will have to weigh the costs and timeframe of resolving the issue itself vs. paying the cyber criminals if this happens to you. Paying the ransom may make your practice more vulnerable to future attacks if proper security measures are not put into place immediately.
Regardless of how the situation is resolved, reacting to a cyber attack will most definitely put a dent in any practice’s bottom line…and its reputation.
The Trust is Gone
When you sustain a data breach, a cloud of distrust will enshroud your practice. Your revenue stream – current patients, prospects and your referral network – could dry up. There are simply too many competitors in the medical arena from which to choose – competitors that will appear more dependable with patient information.
Don’t Wait; Act Right Now
Getting control of your practice’s cyber vulnerability should be a top priority. The longer you wait, the more at risk you are putting your patients, your staff and your practice as a whole. It is recommended that you hire an organization to review your current system and devise a process to safeguard against threats as well as respond to breaches in the most effective manner possible.
Some of the tasks that may be recommended:
- Educate your doctors about the potential threats and the importance of making this investment
- Put security protocols in place for in-office mobile devices and computers, such as never leaving devices unattended, requiring strong passwords, and installing anti-theft apps and screen locks on devices
- Train all staff on security policies and conduct reminder training sessions regularly
- Regularly back up the data on your technological equipment
- Hire a company to continually monitor external and internal threats
- Understand how your valuable information is being stored
- Invest in technology and software to protect sensitive information
- Devise a reaction plan to respond to crisis situations
- Demand that your partners undertake similar security measures
- Appoint a person or team to react immediately to any new threats, scams or attacks
- Schedule regular meetings with management and the security team for information briefings
No one company can guarantee that its services will completely prevent a cyber attack. However, cyber security organizations are absolutely necessary in today’s world to protect your practice. There are ways to make these services more affordable. One such method is joining a Management Services Organization (MSO). MSOs gather the best of the best in service organizations under one umbrella and allow their members to benefit from large group pricing, which makes services more cost-effective.
Advantage Healthcare Consulting, a division of Advantage Administration, is an MSO that is currently accepting new members. We have a network of resources for ophthalmology practices, including cyber security experts, that our members can access. We’ve done the legwork for you in identifying the most reliable and results-oriented companies; your practice can reap the benefits.
To learn more about options that will make your practice cyber threat ready, contact us today.