CHICAGO — More than four in five U.S. physicians (83 percent) have experienced some form of a cybersecurity attack, according to new research released today by Accenture and the American Medical Association (AMA). This, along with additional findings, signals a call to action for the health care sector to increase cybersecurity support for medical practices in their communities.
The findings, which examined the experiences of roughly 1,300 U.S. physicians, underscore the recognition that it is not “if” but “when” a cyberattack will occur. More than half (55 percent) of the physicians were very or extremely concerned about future cyberattacks in their practice. In addition, physicians were most concerned that future attacks could interrupt their clinical practices (cited by 74 percent), compromise the security of patient records (74 percent) or impact patient safety (53 percent).
“The important role of information sharing within clinical care makes health care a uniquely attractive target for cyber criminals through computer viruses and phishing scams that, if successful, can threaten care delivery and patient safety,” said AMA President David O. Barbe, M.D., M.H.A. “New research shows that most physicians think that securely exchanging electronic data is important to improve health care. More support from the government, technology and medical sectors would help physicians with a proactive cybersecurity defense to better ensure the availability, confidentially and integrity of health care data.”
The findings show the most common type of cyberattack was phishing—cited by more than half (55 percent) of physicians who experienced an attack—followed by computer viruses (48 percent). Physicians from medium and large practices were twice as likely as those in small practices to experience these types of attacks.
Nearly two-thirds (64 percent) of all the physicians who experienced a cyberattack experienced up to four hours of downtime before they resumed operations, and approximately one-third (29 percent) of physicians in medium-sized practices that experienced a cyberattack said they experienced nearly a full day of downtime.
In addition, the vast majority (85 percent) of physicians believe it is very or extremely important to share personal health data outside of their health system—they just want to do it safely. Two-thirds believe that greater access to patient data both inside (cited by 67 percent) and outside (65 percent) their health system would help them provide quality patient care more efficiently. In addition, a significant majority (83 percent) of physicians said that HIPAA compliance alone is insufficient and that a more holistic approach to assessing and prioritizing risks is needed.
“Physician practices should not rely on compliance alone to enhance their security profile,” said Kaveh Safavi, M.D., J.D., head of Accenture’s global health practice. “Keeping pace with the sophistication of cyberattacks demands that physicians strengthen their capabilities, build resilience and invest in new technologies to support a foundation of digital trust with patients.”
These findings are part of a research collaboration between the AMA and Accenture to raise physician awareness and understanding of cybersecurity practices. More information on the findings can be found in the research deck.
Accenture and the American Medical Association (AMA) surveyed 1,300 physicians in the United States to assess their experience and attitudes toward cybersecurity, data management and compliance with the Health Insurance Portability and Accountability Act (HIPAA) guidelines. The online survey was conducted between July 2017 and August 2017. To support the survey, in-depth research and 12 phone interviews were conducted prior with physicians, technology officers and administrators.
Robert J. Mills
ph: (312) 464-5970
About the American Medical Association
The American Medical Association is the physicians’ powerful ally in patient care. As the only medical association that convenes 190+ state and specialty medical societies and other critical stakeholders, the AMA represents physicians with a unified voice to all key players in health care. The AMA leverages its strength by removing the obstacles that interfere with patient care, leading the charge to prevent chronic disease and confront public health crises and, driving the future of medicine to tackle the biggest challenges in health care.