HOW TO PREPARE FOR A CYBER BREACH
John Southrey, CIC, CRM, Director,
Product Development and Consulting Services, TMLT
Data breaches continue
to be rampant in health
care, and the financial
impact to physicians
and patients can be
greater than expected. It is widely
known among cyber criminals that
healthcare organizations generally
have limited security budgets and
inadequate data safeguards, making
them easy targets for cyberattacks.1
As the use of various forms of
technology — such as internetconnected
medical devices and health
data sharing — increase throughout
health care, so will cyber risks. And
the direct and indirect costs of a
breach can be devastating.
Direct costs of a breach can
include:
Wayne Wenske,
Senior Marketing Coordinator, TMLT
• fees for legal counsel
• IT forensic expert fees
• breach notification expenses
• third-party damages
• regulatory fines and penalties
Indirect costs can include:
• loss of income
• expenses to deal with the incident
• potential loss of revenue from
reputational harm caused by
adverse media about the breach
Cloud-based breaches
Breach incidents can occur on or
off premises, including in the cloud.
Therefore, moving data to the cloud
does not eliminate cyber risks.
More healthcare organizations are
relying on uninterrupted access to
28 Dallas Medical Journal November 2018
cloud-based information to conduct
their operations. If a cyberattack
causes the cloud’s network to go
down, this dependence can expose
medical practices to a damaging
business interruption.
This kind of breach can be
especially disruptive for a practice
without contemporaneous data
backup, or if access cannot be
restored in a timely manner. Even if
the practice has a real-time backup,
restoring corrupted data can take days
or weeks.
The Allscripts ransomware attack
in January 2018 is a prime example.
The attack shut down two data
centers that hosted Allscripts’ EHR
systems and software used for the
electronic prescribing of controlled