Computerization of healthcare in general, and medical records in particular, has opened additional areas of liability for medical practices that many may not be addressing. A data breach of patient records can have major financial and business impacts on the practice when it occurs.
Data Intrusions Increasing
The number of data intrusions hit a record high in 2014, according to a report from the Identity Theft Resource Center. It also found that the industry with the most breaches was the “medical/healthcare” category. This accounted for 42.5% of the total across all industries.1
“Around 90% of healthcare providers reported one or more data breaches over the last year according to our survey,” says Larry Ponemon, PhD, chairman of the Ponemon Institute in Traverse City, Mich. “Forty percent said they had five or more intrusions into their computer systems.”2
Data leakage can be a very expensive proposition. Healthcare-specific laws and regulations put added requirements on medical professionals that run the cost up. The latest iteration of the Ponemon Institute’s research into the costs of data breaches shows the average cost per medical record compromised was $398. A patient panel of just 2,500 could easily result in a $1 million loss to the practice. The mean cost over all surveyed industries was $271 per breach.3
To address these financial issues, many practices are looking into cyber insurance (CI). The actual policy will change depending on the kinds of risks you are insuring and how much you want to spend.
All Size Practices at Risk
Most physicians take the view that their practices are small and not likely to draw the attention of a hacker. This is bad thinking for a lot of reasons.
“People think that most hackers are kids overseas who have just consumed eight caffeine drinks and will go after the big fish, leaving [them] alone,” says Michael Overly, Esq., information security attorney at Foley & Lardner LLC, in Los Angeles. “Hackers are a well-organized industry, where one e-mail virus may be sent to millions of addresses. If one of your employees clicks on this e-mail, your computer system may be compromised.”
He has seen spoofed e-mails that look as though they came from someone well known in the field. Mr. Overly says he can almost guarantee that 40% or more of the recipients wouldn’t be able to resist the temptation to open the message.