Dive Brief:
- New research released by Accenture and the American Medical Association (AMA) Tuesday found that four out of five doctors have experienced a cybersecurity attack.
- The most common type of attack was phishing, experienced by 55% of those experiencing an attack, followed by computer viruses, which 48% reported as part of an attack.
- AMA President David Barbe says the study shows the need for the government, technology and medical sectors to take a more active roll to stop future cyberattacks to ensure the confidentially of healthcare data.
Dive Insight:
More than half of physicians told researchers that they were very or extremely concerned about future cyberattacks, noting the impact such attacks could have on their practices. More than half thought such attacks could impact patient safety, and nearly three-quarters thought a future attack could interrupt their clinical practices and compromise patient records.
Physicians who experienced a cyberattack also responded in widely varying ways: only 11% notified the Department of Homeland Security or the FBI, and 10% notified the Office of Civil Rights. A little more than half (59%) implemented written policies or procedures, and 56% told their EHR or health IT vendor they experienced the cyberattack.
The research found that 64% physicians who have already experienced a cyberattack had four hours or less of downtime before being able to resume normal operations, but 29% of those with medium-sized practices had almost an entire day of interruption. In addition, 8% canceled patient appointments due to a cyberattack.
While AMA and Accenture found that 85% of physicians say it is very or extremely important to share personal health data between health systems, 75% say EHR security is an area of concern. The survey found physicians may be increasingly comfortable with the role of electronic data in healthcare, with 65% of physicians saying such access would help them provide quality patient care more efficiently.
The findings come days after the American Hospital Association asked the Food and Drug Administration to take a more active role overseeing medical device manufacturers’ cybersecurity, recommending that the agency issue guidance to outline clear expectations on how to secure products.
A recent Senate bill, the Data Security and Breach Notification Act would hold company executives criminally accountable with a sentence of up to five years if data breaches are not promptly reported.