Back to top

Medical Cybersecurity: A Patient Safety Issue

Study finds 83% of physician practices experienced a cyberattack; HIPAA is a must but not enough, and reliable IT vendors are just part of the solution.
Back to top

A national survey reveals 83% of 1,300 physician practices surveyed already have experienced a cyberattack—increasing the need to better support medical practices.

According to the survey, conducted by the AMA and Accenture, the theft of private patient information and loss of access to critical medication lists, diagnoses and lab results are of great concern for physicians. Most physicians experience significant downtime before being able to resume operations. Phishing and computer viruses are the most common types of cyberattacks on physician practices.

The AMA and Accenture collaborated on the first-of-its-kind, 3-part cybersecurity analysis—designed and conducted from January to October 2017—which included a quantitative survey, a literature search and qualitative interviews.

The research showed the physician’s perspective missing from many major cybersecurity efforts and the AMA aimed—along with Accenture—to better include the physician’s voice in cybersecurity efforts going forward.

The main findings identified 3 key themes:

1. Cybersecurity is a patient safety issue.

Cybersecurity must not be viewed only as a technical issue. Stakeholders from health IT, health systems and the federal government have to come together to protect patients’ health information.

2. Physician practices rely on health IT vendors for network and system security.

Most practices do not have internal security support and must sort through a lot of information to find trusted vendors. The AMA wants to ensure physicians understand good cyber hygiene and is partnering with organizations like HITRUST to offer workshops and resources on good cyber hygiene to assist small and mid-sized practices. 

3. HIPAA compliance is not enough to protect patient records.

Of the physicians surveyed, 85% believe it is crucial to share electronic data outside of their health system for quality care but want to do it safely. They need ways to provide secure electronic protected health information.

As awareness of the critical issues increases, the AMA will elevate the physician’s needs in Washington and continue to develop resources that help physicians create a culture of good cyber hygiene while reducing unnecessary administrative burden.

Download the Complete Research Findings

Print this page Email this page