Is Your Healthcare Practice Spending Enough on Cybersecurity?

When building the budget for your healthcare practice, you may be tempted to look for areas where you can cut corners.

You might think of Cybersecurity as somewhere you can scrimp and save a little because “it’s not likely to affect me” or “it won’t be visible from the outside if I don’t spend as much in this area”, as opposed to physical security measures, which are much more visible in the forms of security cameras and alarm systems.

However, you may want to think twice about this mindset. If you are the victim of a security breach, the cost will be much higher than you could expect to spend on robust Cybersecurity.

And while insurance may cover the cost of physical equipment if it is stolen, you may be out of luck if a hacker gets hold of sensitive data and holds it for ransom.


Every day, data is stolen or encrypted, and money is being extorted from organizations to get their information back.


The recent attack on SolarWinds, a cybersecurity provider, shows that anyone can be a target.


Just as there is good business sense in finding cost savings where it’s reasonable to do so, there is also good business sense in ensuring you are protected against threats – including those which lurk in cyberspace.

Keep reading to learn more.


For an even better understanding, listen to this short podcast about risks and solutions for dental practices.

What Are The Threats?

Every day businesses around the globe are being targeted by hackers.

From small businesses – which may hold sensitive information (such as your healthcare practice) – to large international corporations, everyone is a potential target.

The COVID-19 pandemic has made matters even worse, as hackers have created websites designed to imitate “trusted” sites – such as that of the World Health Organization – in order to spread malware.

Other threats can include:

  • Insider threat
  • Organized Crime
  • “Script Kiddies” (unskilled hackers who use existing software to launch attacks)
  • Ransomware

How Much Are You Spending on IT and Cybersecurity?

Think for a minute about how much of your budget goes to IT.

Of course, you’ve got initial start-up costs: purchasing the hardware and software you need to run your practice.

Maybe you also have some recurring subscription fees for software licenses or antivirus.

But beyond that, where is your IT budget going?



Probably to fixing things as needed, or maybe to occasionally buying new software as programs that better help you do your work are released.

What if I told you at least half your IT budget should go towards cybersecurity?

What Is Cybersecurity?


Cybersecurity goes far beyond just your antivirus software, although it is an important part of it.

Another important factor is employee awareness and education.

One major way hackers gain access to your system is through human error: someone inside your organization opens a file containing malicious code, or clicks a link they shouldn’t have.

Teaching employees how to recognize suspicious links and phishing attempts will go a long way in keeping your data safe.

Another factor is keeping your software up-to-date.

Firewalls and antivirus software are only useful if any software updates and patches are applied regularly, to avoid vulnerabilities.


The Cost of Security Vs The Cost of a Breach


Most average-sized healthcare practices (between 8 and 12 team members) spend about $4,500 to $7,000 per year to properly secure and maintain their systems and to have disaster recovery solutions and protocols in place.


This is on top of IT help desk and on-site tech support.


It may seem like a lot, but when you compare it to the cost of a breach or ransomware, it’s a minuscule expense.

Additionally, not having the proper security protocols in place could affect your insurance premiums.

“In order to comply with our insurance company’s standards, we needed to answer a number of new questions and had to have our entire staff go through security awareness training,” says Janice Eveleigh, a Physiotherapist from Ontario.

Finally, in many cases, privacy laws and guidelines in most jurisdictions require cybersecurity measures to be in place.

While the costs of maintaining cybersecurity may seem high, you often won’t realize the cost of a Cybersecurity incident until it’s far too late.

Furthermore, if you end up paying a ransom to a hacker and word gets out, it can affect your reputation.

Need to Beef Up Your Cybersecurity? Contact Alexio.

Are you ready to start taking Cybersecurity seriously?

Not sure where to start?

An Alexio cybersecurity risk assessment can help you identify the blind spots in your security program, and help you learn to address them.

Contact us today to set up your assessment.