Healthcare Cybersecurity: Risks and Solutions

Cybercrime costs the U.S. economy billions of dollars each year—and healthcare organizations are the most frequently attacked form of business. Cybercriminals target healthcare for two main reasons: Healthcare organizations fail to upgrade their cybersecurity as quickly as other businesses, and criminals find personal patient information particularly valuable to exploit.


Feb 08, 2019
Top Business Risks for Medical Practices Report
For doctors today, the threat of legal action extends far beyond malpractice claims—and the medical industry as a whole is seen as a prime target with deep pockets. This report includes how to reduce employment-related lawsuits, top medical billing and coding risks, how to mitigate billing errors and omissions, reducing exposure to cyberattacks, and more.

Feb 08, 2019
Cybersecurity and Data Breaches Report
It’s not a matter of if a data breach will occur in your medical practice—it’s a matter of when. Make sure your practice is prepared with this guide, which covers how to comply with HIPAA rules in the event of a breach, how to thwart ransomware attacks, how to combat password theft, and more.

Sep 17, 2018
Ransomware Attack Options: Restore, Pay, or Lose Patient Data
Craig Musgrave, Senior Vice President, Information Technology
Ransomware is an attack where a business or individual’s computer system is held hostage by cybercriminals until a ransom is paid. Hospitals, medical practices, and businesses should take full precautions to prevent a hack that results in ransomware being installed.

Jul 30, 2018
Cybersecurity Insurance for Medical Practices—The Basics
David J. Eismont, ARM, Senior Director of Business Development
More medical practices are purchasing an insurance policy to cover the substantial costs of a data breach. Here is an overview of what your practice can expect from a cybersecurity policy.

Jun 12, 2018
Digital Medicine and the Future of Healthcare
The digitization of medicine is transforming the entire healthcare system—new technologies like mobile apps and wearables bring both benefits and risks, patient access to healthcare is evolving, EHRs have created new patient safety risks, and artificial intelligence is evolving to play a role in future patient care.

Jun 06, 2018
Is It Safe to Store PHI on Remote Cloud Servers?
David McHale, Senior Vice President and Chief Legal Counsel
Cloud storage is a convenient and cost-effective solution for medical practices and facilities, but precautions must be taken to ensure stored patient data (PHI) is secure. This article has tips for choosing a cloud service provider.

May 03, 2018
Healthcare Technology Risks and Rewards: Faster, Cheaper, Safer
David Chou, Vice President/Chief Information & Digital Officer, Children’s Mercy Kansas City, shares his insights on balancing the cybersecurity risks and patient care improvements of healthcare technology.

Apr 05, 2018
Big Data, EHRs, and Patient Care: How Healthcare Is Evolving
Shereese Maynard, a healthcare and health IT strategist, discusses how EHRs, cybersecurity, and big data are affecting medical practice management.

Professional Education
Cybersecurity and Data Breaches
Cyberattacks or data breaches can significantly damage any size or type of group practice. Designed for doctors and staff, this activity heightens awareness about the most common ways that cyberattacks and breaches occur and what each person can do to prevent patient information from being exposed or stolen.
1.25 Credits

Oct 16, 2017
Electronic Health Record Closed Claims Study: Navigating the Rising Risks of EHRs
The number of malpractice closed claims in which EHRs were a contributing factor has increased continuously over the past 10 years. While EHRs have brought many positives, they have also created new risks and frustrations for doctors and patients.

Jun 12, 2017
Cyberattacks Threaten Patient Safety
Robin Diamond, MSN, JD, RN, Senior Vice President of Patient Safety and Risk Management, The Doctors Company
When it comes to cybersecurity, more than money and IT security are at risk—patient safety is also compromised by a cyberattack.

Jun 12, 2017
Cybersecurity Must Be Part of Every Healthcare Professional’s Job
Craig Musgrave, CIO, The Doctors Company
Recent cyberattacks have been devastating. They’ve cost billions of dollars, angered and potentially endangered patients, eroded the reputation of healthcare organizations, and left institutions and individual physicians exposed to HIPAA violations. Cybersecurity is no longer just an IT issue. Every employee and every organization needs do their part.

Video Feb 07, 2017
Could Hackers Threaten the Future of Medical Devices?
Pacemakers, insulin pumps, and other medical devices communicate to a network via the Internet. As a result, hackers have the capacity to harm an individual by compromising those devices—for example, stopping a pacemaker or turning off an insulin pump.

Video Feb 07, 2017
Paying Cyber Ransom: Pros and Cons
If ransomware strikes a healthcare organization, the cybercriminals behind the attack will demand a payment in exchange for restored access to the organization’s data. Typically the demand is for bitcoin equivalent to less than $10,000. Paying the ransom may be an attractive option if a healthcare organization’s entire network has been compromised and no reliable backup exists. However, there are several compelling arguments against paying.

Video Feb 07, 2017
3 Steps for Ransomware Defense
While no environment is completely secure from cyberattack, a healthcare organization can take steps to reduce the likelihood that it will suffer the consequences of ransomware.

Video Feb 07, 2017
Ransomware: Do's and Don'ts
Panic is the typical reaction when a healthcare organization suffers a ransomware attack. If an organization lacks a thought-out response plan for this type of crisis, people tend to overreact. They may do things that will make it harder to recover from the attack and could increase future liability. But an organization can avoid panic by having an incident response plan in place. This plan should provide a framework of actionable steps, including what to do, who is going to do it, and what is going to happen as a result.

Video Feb 07, 2017
Patient Data Trafficked on the Dark Web
Cyberattacks in the healthcare industry have proliferated for two main reasons. One, cybercriminals can sell PHI at a high price on the dark web (the online market where stolen data is bought and sold). Two, healthcare organizations are vulnerable to cyberattacks because they lack the defenses of banks and other financial institutions. Particularly attractive to cybercriminals are midsized healthcare organizations, which in general are underprepared to counter this threat.

Video Feb 07, 2017
Ransomware Threatens Patient Care
Cybercriminals typically target healthcare organizations using malicious software, or malware. Most malware is programmed to steal data and take it outside of the network. But cybercriminals today are often choosing a different form of attack: ransomware. A ransomware attack uses encryption to prevent the healthcare organization from accessing its PHI. This puts the healthcare organization in a serious crisis, as PHI is critical to providing care to patients.

Video Feb 07, 2017
Why Cybercriminals Prefer Bitcoin
Currency is a means of exchange typically sanctioned by a central body like a government or central bank. Bitcoin, however, is a decentralized digital currency based on a public ledger secured by cryptography. As a result, bitcoin transactions are largely irreversible and untraceable. This makes bitcoin and other digital currencies attractive to cybercriminals. They give cybercriminals a means of monetizing their attacks anonymously—one reason that ransomware attacks have proliferated.

Jul 26, 2016
Ransomware Attacks: HIPAA Burden Falls to the Hospital or Medical Practice
Craig Musgrave, Senior Vice President, Information Technology, The Doctors Company
Under its recently released guidance, the Department of Health and Human Services (HHS) now presumes that a ransomware attack compromises electronic protected health information (ePHI)—unless the HIPAA-covered entity can prove otherwise.

Video Jul 14, 2016
Data Overload: Doctors, Apps, and Wearables
More and more patients are using mobile healthcare apps and wearables, giving them the ability to monitor their own health signs, like activity levels and blood sugars. But for doctors, collecting 24/7 data from their hundreds of patients is overwhelming and currently not doable. What tools or systems do we need to put in place to address this digital health data overload? Robert M. Wachter, MD, explains two possible solutions in this video from The Doctors Company’s 2016 Executive Advisory Board.

Video May 06, 2016
Seven Tips to Help Stop Ransomware
Preparation is key: Once you've been hit by ransomware and your hard drives encrypted, your options are incredibly limited. This video shares the top seven tips you need to know to help your medical practice or hospital prevent or recover from a ransomware attack.

Cyber Liability Protection for Members

Medical malpractice insurance from The Doctors Company automatically includes CyberGuard® cyber liability coverage, which protects doctors against regulatory and liability claims arising from the theft, loss, or accidental transmission of patient or financial information, as well as the cost of data recovery.

Stay in the Know

Sign up for The Doctor’s Practice.

Our e-newsletter features timely articles, videos, and guides on a range of patient safety topics.

SUBSCRIBE ­

Follow us: Follow The Doctors Company on Twitter Watch The Doctors Company on YouTube The Doctors Company on LinkedIn Like The Doctors Company on Facebook

© The Doctors Company. All rights reserved. Legal Notices and Privacy Policy | Glossary of Insurance Terms