Could an Increase in Cybercrime Put Your Practice at Risk?
More eye care businesses than ever are using cloud services and “smart” technology to conveniently host and share patient data across devices. Unfortunately, this can mean that your sensitive data is less secure — and hackers may have already noticed.
If you don’t take steps to ensure that your data is secured against outside threats, the consequences could be major.
The Basics of Ransomware and Data Breaches
You’ve probably heard about ransomware attacks. They’re becoming more and more common; in fact, one occurs every 11 seconds, according to Cybersecurity Ventures.
Ransomware is a type of malware that prevents you from accessing your computer or system files — either by locking your computer so that it can’t function or by encrypting the files themselves, until a ransom is paid. This is a type of data breach, an event in which your practice’s and your patients’ private data is not only accessible to unauthorized individuals but can also be shared or sold to others for profit.
Unsecured Data Puts Your Practice at Risk
In today’s digital world, with ransomware attacks and data breaches so prevalent, it’s more important than ever for eye care practices to ensure compliance and protect their patients’ data. Here are just a few significant ways your practice will suffer if your patients’ sensitive data is compromised:
HIPAA Fines and Costs of Notifying Patients
If your patients’ PHI (Protected Health Information) is compromised in a data breach, you could be found in violation of HIPAA and fined as much as $50,000 per violation. And the costs associated with unsecured data don’t stop there.
In addition to potential penalties under HIPAA, you’ll also be required to notify all patients who “may have been” affected by the breach, and those costs can easily add up. The estimated average data breach exposes about 2,700 patient records and adds about $10,000 to your bill.
When you start sending letters to your patients notifying them that you may have mishandled their personal information, it can be embarrassing and damaging to your credibility as a provider.
You may also be added to the Office for Civil Rights’ “HIPAA Wall of Shame,” where your practice’s failure will be open to the public. The OCR website displays all breaches for two years with the practice name and type, your state, how many individuals were affected, the type of breach, when it was reported, and where it happened.
Consumers are increasingly filing lawsuits over data breaches against businesses in various industries, and healthcare organizations make up the largest percentage among all industries, according to recent findings from national law firm BakerHostetler.
Your patients affected by a data breach will likely file class action lawsuits — which can have enormous financial implications if a court finds your business liable for damages.
Think It Can’t Happen to You?
Many independent practices dismiss cybersecurity issues as concerns that only larger practices face. The reality is that hackers will go after any unsecured networks and target businesses regardless of size if they see an easy opening.
Take the case of Summit Eye Associates: a small, single-location, five-doctor practice in Hermitage, TN. Like many other eye care practices, they trusted Eye Care Leaders as their EMR provider, keeping their patient records organized and accessible. So when Eye Care Leaders had its user data compromised, leading to unsecured PHI for 16 known organizations and almost 600,000 patients, that included Summit Eye Associates’ patients, too.
Eye Care Leaders isn’t a HIPAA covered entity, but Summit Eye Associates certainly is. If the pending HIPAA investigation finds that they didn’t perform their due diligence, they could face a hefty fine. This is on top of the cost of notifying affected patients of the potential breach and a potential place on the Wall of Shame.
PCS Can Help Prevent Potential Risk Areas
If you’re concerned because you don’t quite understand the ins and outs of cybersecurity and are wondering if you might be at risk, PCS can help. Breaches and ransomware attacks are already so common that we consult with our clients multiple times per month regarding these cyberattacks.
A partnership with PCS means we’ll audit every part of your practice, including your systems and IT security. Request more information or a demo and get started today!