Exclusive: ACR Convergence 2024| Focus Rheums

An official publication of the ACR and the ARP serving rheumatologists and rheumatology professionals

Cyber Risks: A New Area of Liability for Medical Practices

  |  Issue: December 2015  |  

Andrey_Popov/shutterstock.com

Image Credit: Andrey_Popov/shutterstock.com

Computerization of healthcare in general, and medical records in particular, has opened additional areas of liability for medical practices that many may not be addressing. A data breach of patient records can have major financial and business impacts on the practice when they occur.

Data Intrusions Increasing

The number of data intrusions hit a record high in 2014, according to a report from Identity Theft Resource Center. It also found that the industry with the most breaches was the “medical/healthcare” category. This accounted for 42.5% of the total across all industries.1

ADVERTISEMENT
SCROLL TO CONTINUE

“Around 90% of healthcare providers reported one or more data breaches over the last year according to our survey,” says Larry Ponemon, PhD, chairman of the Ponemon Institute in Traverse City, Mich. “Forty percent said they had five or more intrusions into their computer systems.”2

Very Expensive

Dr. Ponemon

Dr. Ponemon

Data leakage can be a very expensive proposition. Healthcare-specific laws and regulations put added requirements on medical professionals that run the cost up. The latest iteration of the Ponemon Institute’s research into the costs of data breaches shows the average cost per medical record compromised was $398. A patient panel of just 2,500 could easily result in a $1 million loss to the practice. The mean cost over all surveyed industries was $271 per breach.3

ADVERTISEMENT
SCROLL TO CONTINUE

To address these financial issues, many practices are looking into cyber insurance (CI). The actual policy will change depending on the kinds of risks you are insuring and how much you want to spend.

All Size Practices at Risk

For most physicians, there is a view that they are small and are not likely to draw the attention of a hacker. This is bad thinking for a lot of reasons.

Mr. Overly

Mr. Overly

“People think that most hackers are kids overseas who have just consumed eight caffeine drinks and will go after the big fish, leaving [them] alone,” says Michael Overly, Esq., information security attorney at Foley & Lardner LLC, in Los Angeles. “Hackers are a well-organized industry, where one e-mail virus may be sent to millions of addresses. If one of your employees clicks on this e-mail, your computer system may be compromised.”

He has seen spoofing e-mails that look as though they came from someone well known in the field. Mr. Overly says he can almost guarantee that 40% or more of the recipients wouldn’t be able to resist the temptation to open the message.

Related Articles

    HIPAA and PHI Cybersecurity Best Practices in the COVID-19 Era

    When the first SARS-CoV-2 case was recorded, it was difficult to appreciate the extent to which cybersecurity concerns, particularly in connection to the protection of patient healthcare data, would enter into main­stream consciousness. Although many practices and healthcare organizations have recently adopted additional measures to safeguard patients’ protected health information (PHI) through expanded cybersecurity monitoring,…

    English Hospitals Divert Ambulances After Ransomware Cyber Attack

    LONDON (Reuters)—Hospitals and doctors’ surgeries across England were forced to turn away patients and cancel appointments on Friday after a nationwide ‘ransomware’ cyber attack crippled some computer systems in the state-run health service. The U.K. National Health Service (NHS) said 16 organizations had been affected by the cyber attack but said it had not been…