Imagine it’s early Monday morning, and you’re getting to your office. When you start up your computer to look at your schedule and bring up your first patient’s chart, you can’t get into your system. The next thing you see is a message from some hacker demanding bitcoin to release access to your data. You are yet another victim of a ransomware attack.
Since 2020, the number of cyberattacks in the medical industry has skyrocketed. It seems that we see reports of a new attack every time we check the news. Major hospital systems have been held hostage for millions of dollars – not including the millions in revenue lost while systems are down and patients cannot get the care they need. Independent medical practices are not immune. Have you prepared?
Cybersecurity is a real issue for us physicians now. Besides dealing with potential identity theft and HIPAA violations, we need our patients’ information to take care of them. We follow labs, test results, consults, and all sorts of data to help manage medical conditions. Electronic medical records (EMRs) can help give us quick access to data to make management decisions. In the future, we will hopefully be able to access all a patient’s data no matter where they are from, which is important given the mobility of people today.
Unfortunately, there is a dark side to EMRs. Our dependence on them and their vulnerabilities to attack present an opportunity for bad actors. The effects of a ransomware attack on a medical practice can be devastating. Pertinent medical information can be lost, which leads to suboptimal care. The practice may have to pay the ransom to regain access, which could create significant financial headwinds and put the practice at risk. Additionally, the government could fine the practice for not properly securing data and patients could leave the practice because they don’t feel their information is protected.
Cybersecurity is not just an issue for insurance companies and large hospital systems. It can affect any medical practice, and it’s our responsibility to be prepared for the sake of our patients and our practices. What can you do? Have backup plans in case your system goes down (e.g., offline data backups). Name a point person and make sure your staff is educated on techniques to prevent unauthorized access to your systems. Perhaps consult a cybersecurity firm to add protections to your system and sensitive data. It is critical that we become educated on this subject and figure out how to avoid becoming a victim.
Earlier this year, President Biden identified cybersecurity as a critical issue facing the federal government as well as the private sector. It is realistic to expect medical information to be included in new security requirements. We need to be proactive and plan for these requirements. Protecting our data may be expensive, but the cost of not doing so could be far greater. Cybersecurity issues are here to stay, and we need to remain vigilant to protect our patients and our practices.
Jared Weiner is an anesthesiologist.