How Small Healthcare Organizations Differ from Large Healthcare Providers with Regards to Security

The latest Software Advice survey of healthcare organizations provides insight into healthcare data breaches, their underlying causes, and the different security strategies adopted by small and large healthcare organizations.

The survey polled 130 small practices (5 or fewer licensed providers) and 129 large practices (six or more providers) to understand the security concerns each faces and the steps each group has taken to protect against attacks and security breaches. In both groups, over 50% store more than 90% of patient records digitally, including medical histories and payment details. Digital records are more reliable, but they also carry the risk that attackers gain access to patient data.

Judging by the number of reported data breaches, hackers are inclined to target larger practices rather than small ones. 48% of large healthcare organizations said they had suffered a data breach at some point, and 16% said they had experienced a breach in the past year. About a quarter of small practices had experienced a breach at some point, with 5% experiencing one in the last year. By far the leading cause of data breaches was human error, cited as the main source of breaches by 46% of small practices and 51% of large practices.

23% of small healthcare practices said they had suffered a ransomware attack at some point, compared with 45% of large practices. 5% of the attacks on small healthcare organizations and 12% of the attacks on large healthcare organizations occurred in the past year. 76% of small practices and 74% of large practices said they could recover at least some of their data from backups without paying the ransom, which underlines the value of effective backup policies. That matters because paying the ransom does not guarantee recovery of files: 23% of small practices paid the ransom to recover their files, compared with 19% of large healthcare organizations, yet 14% of small healthcare organizations said they did not get their files back after paying.

11% of large practices permanently lost records as a result of an attack, 7% reported data loss, and 4% paid the ransom but still did not recover their files. Almost all of the healthcare organizations declined to say how much ransom was paid. Two small practices said they paid between $5,000 and $10,000, and two paid between $25,000 and $100,000.

To defend against attacks, healthcare organizations have deployed a range of technical safeguards, the most common being firewalls, antivirus software, email security solutions, and data backup technology. Small practices were spending more than large organizations on antivirus technology, and while such tools are essential, it is also necessary to invest in email and network security software. Large organizations with bigger budgets were more likely to spend on those tools and were better protected as a result. Software Advice recommends that smaller healthcare organizations consider reducing spending on antivirus software and improving email and network security, since that could help prevent further data breaches.

It is crucial not to neglect the human element of cybersecurity, particularly since so many data breaches were attributed to human error. Providing security awareness training to the workforce is required by the HIPAA Security Rule, but it should not be treated as a checkbox exercise. Regular security awareness training that teaches staff how to recognize and avoid threats can considerably reduce the risk of a successful cyberattack, yet 42% of small practices and 25% of large practices reported spending less than 2 hours on privacy and security awareness training for staff in 2021.

Two-factor authentication (2FA) is a vital control for preventing stolen credentials from being used to access accounts. Microsoft has previously stated that two-factor authentication can block more than 99% of automated attacks on accounts. Encouragingly, 90% of large practices have adopted 2FA to some extent, but small practices are far less likely to use 2FA to protect their accounts: 22% of small practices said they have not yet implemented 2FA, and 59% use 2FA on only some of their software.

Using every available data protection program is not, on its own, a sound solution, as it still leaves you vulnerable to other avenues of attack or breach, such as accidental exposure or human error. Instead, Software Advice advises defending on several fronts: training the workforce, investing in the right security tools to safeguard data, and establishing an action plan to minimize harm in the event of a breach or attack.


Posted by Mark Wilson

Mark Wilson is a news reporter specializing in information technology and cybersecurity. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.