The Medical Group Management Association’s most recent MGMA Stat poll asked healthcare leaders if their organization has experienced a cyberattack in the past year. While the majority (70%) have not experienced a cyberattack in the past year, 23% have and 7% were unsure. This poll was conducted on March 5, 2019, with 1,239 spplicable responses.
Those who responded “yes” were then asked what type of cyberattack they experienced. Phishing was the most common attack (42%) with malware (ransomware) not far behind at 32%. Others experienced a combination of these hacks (8%) and other types of hacks (10%). A small portion (8%) of organizations experienced cyberattacks but were unsure about the type of attack.
With nearly a quarter of organizations having experienced a cyberattack in the past year, healthcare organizations are particularly at risk when it comes to cyberattacks. In an October 2018 Forbes article, Kate O’Flaherty wrote that hackers can steal “patient records, claiming highly sensitive data, including names, social security numbers, home addresses and dates of birth” leaving these individuals at high risk for identity theft. Not only do these attacks leave your patients at risk, they can also be costly to your organization. As Aziza Kasumov wrote in a July 2018 Bloomberg article “a data breach can cost health-care providers more than $400 per patient.” Ransomware can also be a costly issue. As explained by Elizabeth Snell in this Health ITSecurity article, “ransomware is a type of malware that typically prevents organizations from accessing certain parts of its system. For example, an entity and its users could be locked out from critical systems, such as EHRs, and may be unable to get in unless they pay a certain amount of money.” Therefore, organizations should take serious steps to prevent cyberattacks from affecting their organization.
In a recent MGMA Connection article, Andrew Jahnke, founder and chief technologist for managed IT and custom cloud service provider RainTech, outlines areas leaders should review to help prevent cyberattacks in their organization. This list offers a detailed collection of key areas that medical practice leaders should examine to be prepared for a possible cyberattack including:
- Endpoint protection
- Network protection
- Email protection
- Network administration/management
- User instruction/policies and procedures
- Backup/disaster recovery
- Advanced security measures
For the full list with specific questions regarding each area, click here.
MGMA Stat is a national poll that addresses practice management issues, the impact of new legislation and related topics. Participation is open to all healthcare leaders. See results of other polls and information on how to participate in MGMA Stat.
Learn more
- “Steps to stronger cybersecurity” – A MGMA insight article that provides a usable cybersecurity assessment for your organization.
- “Cybersecurity Action Steps” – MGMA Advocacy resource that outlines cybersecurity action steps.
- “HHS releases voluntary cybersecurity practices for the health industry” – Aims to raise awareness of cybersecurity issues and advice on how physician practices can better protect themselves against cyberattacks.
- “Does your practice have a cybersecurity contingency plan?” – MGMA Insight article that guides you through steps to take to prevent and/or deal with cyberattacks.
Sarah Taylor
Research Assistant
MGMA
