Survey Says: 83 Percent of Physicians Report Cybersecurity Attacks


Four out of five U.S. physicians surveyed reported experiencing a cyberattack, according to research from the AMA and Accenture. The role of electronic health information is growing, and the information itself is attractive to criminals interested in gaining private information. All of that makes cybersecurity a crucial issue for the healthcare industry and every patient, too. To keep your data safe, here are some training tips.

1. Don’t Assume Phishing Scams Are Easy to Spot

About 55 percent of those surveyed reported phishing, making it the most common type of cyberattack. You may already know to be suspicious of emails with a large number of grammar mistakes and attachments from unknown sources, but you need to be alert for trickier practices, too, according to Health Information Compliance Alert.

Be sure your team is aware of techniques like bait-and-switch, where the emailer offers something like free EHR software that requires sending practice data. Social engineering is becoming more sophisticated all the time, so have your IT team or compliance officer ensure everyone is kept up to date on emerging trends.

2. Train at Every Level

Team members from entry-level to C-suite are all targets of cyberattacks, so don’t exempt anyone from training. The approaches may differ based on role, however.

Entry-level employees may face attacks that try to exploit their uncertainty in a new role, for example by using accusatory language or by claiming to be someone they’re not, such as a coworker.

Executives need to be on the alert for “whaling,” a type of phishing aimed at stealing high-level company information. The email may appear to be from a fellow executive. Watch for email addresses that are close to legitimate names but slightly different, for example, using the number 0 instead of the letter o. If the email indicates communication is available only by email, not phone, that is another indicator something may be wrong.
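
The lookalike-address check described above can also be automated. The following is an added example, not part of the original article: it folds common character swaps such as 0 for o and flags any sender within one edit of a known address. The sender directory, the `northoakclinic.example` addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample directory: addresses the practice already trusts (assumption).
KNOWN_SENDERS = {"d.morgan@northoakclinic.example", "billing@northoakclinic.example"}

# Character swaps commonly used to imitate a legitimate address.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def extract_address(from_header):
    """Pull the bare address out of a From header such as 'Name <a@b>'."""
    match = re.search(r"<([^<>]+)>", from_header)
    return (match.group(1) if match else from_header).strip().lower()

def skeleton(address):
    """Fold look-alike characters so visually similar addresses compare equal."""
    for fake, real in CONFUSABLES:
        address = address.replace(fake, real)
    return address

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return (verdict, imitated_address) for a From header."""
    address = extract_address(from_header)
    if address in KNOWN_SENDERS:
        return ("known", address)
    for known in sorted(KNOWN_SENDERS):
        if skeleton(address) == skeleton(known) or edit_distance(address, known) <= 1:
            return ("lookalike", known)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ["D. Morgan <d.morgan@northoakclinic.example>",
                   "D. Morgan <d.morgan@n0rth0akclinic.example>",
                   "D. Morgan <d.morgan@northoakclinlc.example>",
                   "Vendor <sales@othervendor.example>"]:
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is a reason to verify the sender through a separate channel, such as a phone number already on file; an "unknown" verdict only means the address resembles nothing in the directory.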

3. Be Vigilant After Disasters

Watching out for scams can be tough when you’re focused on disaster recovery, but cybercriminals count on that. Plan ahead so you don’t put yourself at extra risk if disaster strikes.

Medicare Compliance Reimbursement suggests strategies like backing up data, storing backups in secure offsite locations, and encrypting the backups. Team members should know the exact process that will happen if the backups must be accessed so no one falls prey to scammers claiming to be involved.

What About You?

What sorts of cyberattacks and attempts have you seen? How did you spot and avoid them?



Deborah concentrates on coding and compliance for radiology and cardiology, including the tricky world of interventional procedures, as well as oncology and hematology. Since joining The Coding Institute in 2004, she’s also covered the ins and outs of coding for orthopedics, audiology, skilled nursing facilities (SNFs), and more.
