Dive Brief:
- More than 9 in 10 corporate healthcare lawyers see their organizations as being more at risk for cybercrime than organizations in other industries, according to a new nationwide survey jointly undertaken by Bloomberg Law and the American Health Lawyers Association.
- The feedback from almost 300 healthcare attorneys was released just ahead of the yearly meeting of the Association of Corporate Counsel.
- The attorneys' responses provide insight into how they view the threat of hacking and how their healthcare organizations are preparing or not.
Dive Insight:
The responses from healthcare attorneys indicated most are involved in helping to manage their organizations' cybersecurity concerns, with 84% saying they have been involved in determining whether an incident necessitates reporting and in developing internal policies. Furthermore, 97% said they expect their involvement in cybersecurity concerns to continue to increase over the coming several years, and more than 70% are working to develop data security expertise to fulfill that need.
However, the responses from both law firm attorneys and corporate counsel reveal concerns that current preparations are not enough as 40% reported their organizations' or clients' plans are too generic, lack specific guidance, and lack adequate testing. In addition, one-third said their organizations' plans were out of date for dealing the latest types of cyberthreats or organizational changes.
A separate report published earlier this year found healthcare entities to indeed be a hot target, drawing 88% of ransomware attacks during the second quarter of 2016, and suggested the healthcare industry is partly to blame.
"While it is encouraging that health care attorneys are on the front lines of preparing for and responding to cyber incidents, it is apparent from this survey that there is much more that needs to be done," stated Bloomberg Law's Scott Falk, Vice President and General Manager, Health Care and Litigation. Both Bloomberg Law and the American Health Lawyers Association recommended improved, formal cybersecurity education for healthcare lawyers, to help them better counsel their clients on preventing and responding to breaches.