Providers: Email is main data breach culprit
- Providers overwhelmingly rank email as the No. 1 source of potential data breaches, a new Mimecast and HIMSS Analytics survey shows.
- More than nine in 10 respondents said email was crucial to their organization, with eight in 10 saying they use it to send personal health information — typically to other providers. Of those who use email regularly, 43% said downtime was not an option.
- More than three-fourths of respondents (78%) reported experiencing a ransomware or malware attack in the past 12 months and nearly a quarter had 16 or more attacks during that time.
The survey data also show providers are looking to strengthen security. Nearly all of the respondents — about 95% — said preventing malware and/or ransomware attack is a top priority in their organization. The second highest objective was “training employees about how to be diligent when it comes to cybersecurity.”
The survey underscores the vulnerability of providers — and email in particular — to cyber criminals. In May, many hospitals in the UK were forced to suspend routine services and accept only emergency patients after an international cyberattack froze their computers. In all, the WannaCry ransomware attack struck businesses in at least 112 countries.
A study released Tuesday by Accenture and the American Medical Association found four out five doctors have suffered cyberattacks. More than half (55%) were victims of email phishing expeditions. The next most common type of attack was computer virus, which 48% reported having experienced.
Of physicians who experienced a cyberattack, nearly three in 10 with medium practices reported nearly an entire day of downtime as a result. As with the Mimecast-HIMSS survey, sharing personal health data between providers was a high priority.
The surveys come as new research suggests that email-based systems for care coordination could help to improve outcomes and provider satisfaction. In a study in the American Journal of Accountable Care, patients whose post-discharge care was coordinated via secure team-based emails had significantly higher rates of 7-day follow-up visits and fewer readmissions than patients who did not.
Such systems also have the benefit of not requiring high-cost EHR systems of lots of provider training. But as recent studies suggest, cybersecurity should be a top concern with email containing personal health information.