Cybersecurity needs to be a fundamental component of all medical practices.
Cybercriminals are targeting health care targets more often than in the past, which is not surprising given the immense damage they are causing. Amidst a constantly changing threat landscape, medical practices of varying sizes need to take proactive measures to safeguard themselves from these cybercriminals.
It’s not a question of if it will happen to you, but rather when. By routinely assessing your cybersecurity procedures, bolstering the security of your IT system, and educating your personnel to spot dangers, you can defend both your practice and your patients. The American Medical Association (AMA) is a strong advocate for doctors and provides a plethora of tools to safeguard patient medical records and data, as well as internal practice data.
Risk to the health care industry
Cybercriminals target the health care industry for a variety of reasons. More patient data is now at danger due to the long-term transition from paper records to digital data and the enormous number of entry points necessary for efficient exchange of electronic health information. While AI has been helpful in identifying and mitigating cybercrime, it has also made health care providers’ difficulties worse by enabling hackers to conduct extensive, automated social engineering attacks and swiftly pinpoint weak points in their targets, among other issues.
Data breaches continue to provide private medical information in addition to financial data, Social Security numbers, and Medicare numbers. Hackers exploit this information to perpetrate identity theft, insurance fraud, and other crimes, or they sell it to the highest bidder on the dark web. Credit card numbers may be cancelled, but information on electronic health records might remain vulnerable for years. For this reason, a cybercriminal carrying out an attack may find that stolen patient data is worth more than 50 times the amount of money they originally paid for a credit card number.
Phishing scams, denial of service assaults, ransomware attacks, spoofing, and other forms of cybercrime are becoming more and more dangerous. As seen by the terrible blow Change Healthcare and its clients endured in February 2024, so does their influence. Sensitive health information belonging to up to one-third of the country’s population may have been exposed to the dark web, costing more than $1 billion.
The recent July 2024 global IT outage, which was caused by a single cybersecurity company’s faulty software update, highlighted the vulnerability of the world economy and the dangers of IT concentration and centralization within the computer networks that we all rely so heavily on. In varied degrees, hospitals, health systems, medical laboratories, and doctor practices were all impacted, and recovery required a lot of work and time.
Actions that doctors can do
To ensure complete compliance with the HIPAA Security Rule and various Medicare programs, a comprehensive security risk analysis is the first step towards maintaining strong cybersecurity in the healthcare industry. But that’s just the beginning. Effective cybersecurity readiness and resiliency, like almost every other area of health care, need a collaborative effort to create a shared security awareness culture throughout your business. Developing that culture calls for ongoing training to assist medical professionals and employees in identifying and avoiding ransomware, phishing scams, malware, spyware, and other dangers.
Physicians can expect the AMA to assist in putting cybersecurity training into practice. For instance, the AMA Ed HubTM offers a carefully selected CME course titled “Cybersecurity in Medical Practice” that covers the causes, effects, and preventative measures of cyberattacks. In order to further safeguard computers used in medical practices, we additionally provide a checklist. Further AMA cybersecurity materials and advice describe the threats that exist today and provide information on national AMA cybersecurity advocacy. On its landing page dedicated to cybersecurity, the AMA offers more cyber resources.
In order to assist health care providers in enhancing cybersecurity and protecting their IT systems, federal entities such as the Cybersecurity and Infrastructure Security Agency provide vulnerability scanning and security assessment services in addition to other tools and knowledge. Here, health care professionals can access additional resources, information on best practices, and threat intelligence from the Department of Health and Human Services.
Although doctors are adept at many tasks, we are not cybersecurity specialists. In order to enable doctors to concentrate more efficiently on patient care, the AMA is prepared to assist medical professionals and their practices in achieving the highest standards of readiness, prevention, and incident response.
