49% of small practices and 15% of large practices don’t have a formal plan of action in the event of a breach.
Sophisticated cyberattacks are crippling healthcare providers by posing a threat to core functions and patient privacy, according to Software Advice’s Healthcare Data Security Survey. Findings reveal that 22% of small practices and 45% of large practices have experienced a ransomware attack at some point, with numbers rising in the past three years. Small practices risk more significant losses in the event of a cyberattack, often due to lack of training and inadequate security technology.
The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and FDA recently urged healthcare providers to prepare for cyberattacks as organized criminals are increasingly targeting healthcare practices. According to Software Advice’s survey, the majority of both small and large practices said between 81% and 100% of all their data is stored digitally. This increases the risk of security vulnerabilities as hackers can infiltrate healthcare providers remotely using deceptive techniques.
Breaches are becoming more common, and human error is often to blame. 23% of small practices have experienced a data breach, and nearly half (46%) of these breaches were caused by avoidable human error. Therein lies the problem: Software Advice found that 42% of small practices and 25% of large practices spent no more than two hours on IT security and data privacy training in 2021.
“Healthcare cyberattacks are happening daily and are targeting patient data, management systems, and medical devices at vulnerable medical practices,” said Lisa Hedges, associate principal medical analyst for Software Advice. “Preparing for attacks is crucial because losing patient data can be detrimental to treatment plans and diagnoses.”
Losing data poses the greatest risk for patients as critical information on medical history and treatment plans can be lost entirely. Both small practices (14%) and large practices (11%) permanently lost their data after either making no attempt to pay a ransom or paying but still not recovering their stolen data. One in five representatives from small practices didn’t know if they had a formal cybersecurity response plan, and another 49% said that they definitely did not.
Regardless of medical practice size, preparing for cyberattacks is imperative as risks have increased and hackers are becoming more advanced. Read the full survey and analysis on Software Advice. Medical providers can also explore cybersecurity software and a guide to strengthen their healthcare data security to help bolster their defenses.
About Software Advice
Software Advice™ helps businesses navigate the software buying journey. Industry-specific advisors guide people through the selection process and provide personalized software recommendations. Founded in 2005, Software Advice has helped more than 825,000 businesses find the right software for their specific needs through 1-on-1 advice, objective research and actionable insights. Software Advice also features over 1 million verified user reviews to ensure people feel confident in their technology decisions.