85% of physician practices weathered cyberattacks, disrupting care, risking safety

A new report from AMA and Accenture finds phishing is the most common type of attack.
By Bill Siwicki
12:21 PM
Share
Clinical interruption from healthcare cyberattacks

Hospital IT and security executives should know that hackers are by no means finished with slicing and dicing healthcare. Ransomware strains such as WannaCry, Petya and NotPetya were only shots across the bow -- there are sure to be many more such cyberattacks to come.

If hospitals have become used to this new reality, the healthcare industry may need to start paying more attention to protecting physician group practices. A colossal 83 percent of U.S. physicians have suffered some form of cybersecurity attack, according to new research from Accenture and the American Medical Association.

[Also: 2018 is primed for blockchain, big data and cloud computing advancements, all with a better security plan]

Fifty-five percent of the 1,300 physicians surveyed said they were very or extremely concerned about future cyberattacks against their practice. Further, 74 percent of physicians were most concerned that future attacks could interrupt their clinical practices and the same percentage worried about the compromise of patient records. Fifty-three percent worried cyberattacks' impact on patient safety.

The most common type of attack against physician practices is phishing, cited by 55 percent of those who experienced an attack. Phishing is followed by viruses at 48 percent. Physicians from medium and large practices are twice as likely as those in small practices to suffer these types of attacks, the survey found.

Sixty-four percent of all physicians who suffered a cyberattack experienced up to four hours of downtime before they resumed operations, and 29 percent of physicians in medium-sized practices that suffered a cyberattack said they experienced nearly a full day of downtime, the survey said.

In this era of non-stop cyberattacks on healthcare organizations, 85 percent of physicians believe it is very or extremely important to share personal health data outside of their health system – they just want to do it safely, the Accenture/AMA survey found.

Future-proofing security

Why cybersecurity is top of mind for forward-looking healthcare orgs.

Two-thirds believe that greater access to patient data both inside (67 percent) and outside (65 percent) their health system would help them provide quality patient care more efficiently. However, the vast majority (83 percent) of physicians said that HIPAA compliance alone is insufficient and that a more holistic approach to assessing and prioritizing risks is needed, the survey found.

“The important role of information sharing within clinical care makes healthcare a uniquely attractive target for cyber criminals through computer viruses and phishing scams that, if successful, can threaten care delivery and patient safety,” said AMA President David Barbe, MD, in a statement. “More support from the government, technology and medical sectors would help physicians with a proactive cybersecurity defense to better ensure the availability, confidentiality and integrity of healthcare data.”

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com