Cybercrime has evolved and increased substantially over the past ten years, particularly in the financial services and retail sectors, where a high volume of data, in particular financial information, is retained. These industries have therefore had a head start on developing strategies to mitigate and prevent cyber-attacks.
Due to the vast quantity of information collected by the medical industry, only recently has the industry begun to implement online and document management systems in which to store patient data on a large scale.
The significant amount of sensitive information being collected, and the fact that these systems are relatively new to the sector, can mean that medical practices are potentially less prepared for cybercriminal attacks.
The emergence of electronic health records and healthcare portals for patients and providers has made it easier to access and share medical information, but it has also opened the floodgates for cyber criminals.
The value of your medical records is far greater than that of other data such as credit cards, as the extent and detail included in medical records give them broader utility, especially for identity theft and fraud.
In June 2013, almost half of the breaches identified by the Identity Theft Resource Center in the United States were in the medical / healthcare industry, and this is only expected to grow with the increased adoption of patient portals, which empower individuals to become involved in their own care (i).
The World Privacy Forum has reported that the average payout (street value) for a medical identity theft is $20,000, compared to $2,000 for a regular identity theft.
The other big issue is the increased prevalence of data hacking and hijacking, which could paralyse a medical practice. In late 2012, a Queensland medical centre had its patient records hacked and hijacked and was ordered to pay $4,000 to Russian cyber criminals for them to release the records (ii). The practice continued to operate, but have a think about how hard it would be to look after your patients, and operate your business, without their history.
How would one of your patients feel if they knew that somebody had accessed their information?
New regulations such as the Privacy Act require medical practices and clinics to implement administrative, physical and technical processes and procedures to ensure the integrity and privacy of patient records and other sensitive medical data are upheld.
It is our recommendation that medical practice owners regularly review their network and website security to ensure they are adequately protected against cyber-attacks.
It is also essential to review your insurance program in order to minimise the impact of any violation to your business – both to its reputation and finances.
To find out more about Cyber Liability Insurance and the implications for your business please contact one of our insurance brokers by submitting a broker contact form or call 1300 424 627.
This insight article is not intended to be personal advice and you should not rely on it as a substitute for any form of personal advice. Please contact Whitbread Associates Pty Ltd ABN 69 005 490 228 Licence Number: 229092 trading as Whitbread Insurance Brokers for further information or refer to our website.