65% of Australian organizations have experienced some form of cyber-crime in the past two years, and because medical and dental records are worth more to hackers than credit cards, it’s no wonder practices are being targeted.
The cyber risks facing the health industry are often overlooked by doctors and dentists who are unaware of how susceptible their practices are to hackers. In May 2017, a large-scale global cyber-attack using the WannaCry malicious software affected much of Europe, including Britain’s National Health Service. The attack affected 70,000 devices, including computers, MRI scanners, blood storage refrigerators and theatre equipment. Data was encrypted and held to ransom by the hackers.
Despite popular belief, it’s not just large health organizations that are at risk. Many Australian practice owners feel that being a small business means they have less chance of being singled out by hackers. However, with attacks on health care providers across the world at an all-time high, cyber risks should not be overlooked. Small businesses often have less system security and a lower risk of detection for infiltrators, which makes them ideal victims.
Breaches of privacy are a significant concern not just for patients, but for practice owners too. The Australian Government has passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016, which is designed to protect the privacy rights of individuals and hold businesses accountable for the security of their systems and sensitive data. The bill will require Australian businesses, including medical and dental practices, to notify all individuals affected by a data breach. A data breach under the new legislation could have major financial and reputational impacts on Australian practices affected by cyber-attacks, with an increased risk of litigation along with civil penalties of up to $1,800,000 for failure to report a serious breach.
Unfortunately for the health care industry, hackers see lucrative opportunities in targeting practices. Patient records are often used by hackers for illegal prescriptions, medical fraud, insurance fraud, identity fraud, tax fraud and even blackmail. Health records fetch as much as $2,000 each on the black market in the United States, which has had mandatory reporting laws since 2002.
Backing up regularly, having firewalls or using a cloud-based system does not guarantee that your practice will be safe. Whilst these measures provide some level of protection, they are not impenetrable. Hackers are endlessly finding new ways to gain access to their victims’ computer systems, and can easily achieve this using a bogus email or a hole in the practice security system. If your practice has an internet connection, then you’re exposed. This means it’s not a matter of if your practice will be hacked, but when! Practices that do not have adequate protection against cyber-attacks are at risk of significant financial loss, or even closure.
There are many costs involved with a cyber-attack, such as lost revenue from an interruption to the business, data restoration costs, virus extraction fees, patient notification costs (due to mandatory reporting legislation), fines and penalties incurred as a result of privacy breaches, and even extortion/ransom costs. As well as these immediate costs, an affected practice may suffer a long-term loss of revenue due to a tainted reputation. 60% of small businesses have closed within one year of a data breach due to financial and reputational loss.
Fortunately, there is help available to protect against hacking and cyber-attacks. Cyber insurance can safeguard your practice revenue, patient data and cover your liability and response costs in the event of an inevitable breach.
For more information on how to protect your practice against cyber risks, contact Dental and Professional Essentials.