Smaller medical practices are being targeted for cyberattacks: Here’s how to strengthen defenses

It's almost impossible to miss the news of the latest data breaches that cyber criminals have inflicted on large healthcare organizations (HCO). Anecdotally, it seems as if almost no HCO data can be declared 100% secure. Factually, of course, this is not the case. Most HCOs are deeply committed to cybersecurity, and are constantly upgrading, patching, and reinforcing their defensive posture.

Even a seemingly airtight cybersecurity approach can be defeated by a crucial misstep along the way. In reviewing the largest healthcare data breaches of 2023, 95% were related to business associates and other non-hospital healthcare entities. Cybercriminals are finding the weakest link in the chain of HCO defenses.

For example, during a Senate Finance Committee hearing on an HCO cyberattack, lawmakers were taken aback when it became clear that a hacker group gained access to a server that didn’t require multi-factor authentication for users, and inserted ransomware. Senator Ron Wyden, remarked, “This hack could have been stopped with cybersecurity 101.” The HCO subsequently paid a ransom of more than $20 million.

The lasting impact of that ransomware attack is still being sorted out. The American Hospital Association reported that 77% of practices experienced service disruption, and 80% more lost revenue from unpaid claims.  Additionally,  85% of practices had to commit added staff time and resources to what those respondents considered a substantial use of workarounds.

This devastating breach of a seemingly well-protected major HCO begs the question: If large HCOs can be compromised by ransomware groups through a simple mistake, what chance do small practices have for cyber defense?

The risk for smaller practices

Infosecurity Magazine reports that “nearly three-quarters (73%) of US small business owners reported a cyber-attack last year, with employee and customer data most likely to be targeted in data breaches, according to the Identity Theft Resource Center (ITRC).”

According to the latest American Medical Association Physician Practice Benchmark Survey, the share of physicians who still work in smaller private practices is 46.7%. That number has been trending downward over the past 12 years, but that’s still a huge chunk of the nation’s healthcare system. Cybersecurity experts acknowledge that the healthcare industry faces challenges in defending their organizations because many organizations are in the red or just barely covering expenses. Many health systems have limited resources to invest in cybersecurity. 

According to The New York Times, “Despite the risk, smaller hospitals and doctors’ practices often don’t have the money to pay for enhanced security measures or the expertise to examine serious threats. And older technology is rarely compatible with the latest cybersecurity standards; a hodgepodge of connected products and vendors leaves digital side doors open, luring hackers.”

That article further asserts that when budgetary constraints are an issue, that “some hospitals will continue to spend money on the latest M.R.I. technology or more nurses over stringent digital protections.” 

“Without additional resources to raise the bar, those healthcare providers and those healthcare payers are going to continue to make choices to pay for treatment or for cybersecurity,” said Iliana Peters, a former federal health official specializing in data security.

Smart cybersecurity steps for small practices

There are steps small practices can take that will significantly improve their defense against cyber-attacks in a cost-efficient manner. Clinicians and smaller healthcare clinics face the same security challenges that large HCOs do but may not have the resources or IT staff necessary to secure their data. These smaller organizations can access connectivity and firewall solutions that enable fast, secure access to patient data and seamless communications.

Practices of any size can secure a single- or multisite network with a scalable all-in-one healthcare managed service. The best services available today include the equipment, connectivity, management and support they need.

Small practices should seek out effortless, faster connectivity that provides enduring protection against internet threats – without unnecessary features that add costs or complexity. In this way, they can improve overall business productivity and simplify operations while never worrying about cyber protection for their business location nor a technology that locks in their options.

There are dedicated fiber internet services available which include a 100% uptime performance guarantee, based on SLA (Service Level Agreement). These include managing the internet service into the individual practice sites and the router and security device to ensure a complete, and quality end-to-end service. Integrated security, router and internet service can be combined into one price point and supported by one vendor for a streamlined client experience. 

Hospitals and practices of all sizes can modernize their networks now, and rely on fast, symmetrical fiber-powered internet connectivity up to 100 Gbps to power their digital health transformation efforts when they choose flexible, scalable solutions from trusted partners.

How Spectrum Enterprise can help

With a scalable, flexible and reliable IT infrastructure, HCOs can leverage the full potential of their current digital tools and technology, foster further innovation, protect Personal Health Information (PHI), and meet future consumer demands. A strong infrastructure partner that understands the healthcare industry can support HCOs in these efforts.

Our secure solutions enable dependable, fast, and safer access to the Internet and cloud-based applications, which helps providers and their employees conduct business and deliver healthcare with fewer interruptions and cybersecurity risks. We offer attractively priced, all-inclusive, dedicated internet access, a managed router and integrated advanced, managed security and the ability to add features and capabilities (WiFi, cameras, etc.) simply and quickly.

The security protections we provide include a Next Generation Firewall and Unified Threat Management (UTM), providing strong security over users, content, and applications, plus visibility into security threats – all through a cloud-based security dashboard.

Spectrum Enterprise provides technology solutions to 80% of the largest health systems in the US, and partners with healthcare organizations of all sizes. Learn more about HITRUST and HIPAA-compatible solutions that can secure a single or multi-site network with the equipment, connectivity, management, communications and support needed to spur digital healthcare transformation.