Healthcare is the among juiciest target for cyber hackers owing to the treasure trove of personal information that can be sold profitably on the dark web and used against patients. It’s not a pretty sight for healthcare facilities and providers to struggle against voracious cyber attackers.
It turns out that physicians believe their practices are exposed as well, according to a new survey of 1,300 doctors in the U.S. conducted by consultant and service provider Accenture (a Top 100 MSSP for 2017) and the American Medical Association.
They have good reason to worry -- some 83 percent of physicians in the study have experienced some form of cyber attack, such as phishing and malware. And, 55 percent are quite worried that additional attacks will hobble them again.
Many are interested in relying on third-parties, such as managed security service providers (MSSPs) to implement a security framework to help them safeguard their practices from cyber attackers.
Calling MSSPs for Help
Enlisting MSSP engagement appears to be a sound idea for physicians to ward off hackers. Indeed, when cyber crooks infiltrate physician practices, they often wreak havoc with service interruptions, system downtime, increased operational expenses and patient safety risks, the study showed. Indeed, 29 percent working in medium-sized practices said it takes them up to a day to recover from the damage.
About 74 percent of the sutudy’s participants cited interruptions to their clinical practice as what they worry about the most. In addition, 53 percent said they’re concerned about the safety of their patients’ data in future cyber break-ins.
When attacked, physicians have some resources at their disposal, the study’s data showed. More than half (56 percent) alert their health IT vendor when a breach occurs and 49 percent employ an in-house security official. An onsite specialist is more common to larger organizations than smaller ones, according to the survey’s results.
Third-party vendors, such as MSSPs, deliver security training to about 37 percent of the respondents. Half trust their training providers to ensure that the training content is adequate, they said.
HIPAA Compliance Concerns
As for compliance, nearly nine in 10 believe that their practices are complaint with regulations established by the Health Insurance Portability and Accounting Act of 1996 (HIPAA) that provides data privacy and security for protecting patient information. Still, about two-thirds of physiciants have lingering questions about HIPAA compliance, the data indicated.
For obvious reasons, physicians in the study said they need to trust their security apparatus. While most (85 percent) believe that sharing electronic protected health information (ePHI) is important, only one in three trust their vendors in the ePHI process, although two in three believe that more access to data would improve patient care.
When asked about their interest in new technologies that may deliver benefits to their practice, the respondents said that steps in that direction will require them to remain vigilant to new security challenges. Telemedicine, for example, interests 33 percent of the physicians in the study to where they are likely to adopt it in the coming year, and 28 percent are likely to bring on patient-generated health data in the same time frame.
In particular, telemedicine brings with it some travials. While the security landscape for physicians is brightening somewhat, those in the study expressed concern over the security and HIPAA implications for telemedicine.