Healthcare providers such as dentists and doctors have had to endure increasing numbers of data breaches, while almost all other brackets have seen decreases in the same metrics. These breaches are expensive events for small or medium practices, but what are the true costs?
Hackers are all about turning a profit, and will go after easy targets, because they are faster to fall and quick to pay. The less time they have to spend working out a way to infiltrate your systems – and it’s usually done through email phishing – the more companies they can hit.
Most companies (and smaller healthcare practices) have inadequate cyber security education for their staff, making this the very weakest of all the fronts. Staff don’t understand what they’re doing when they let in the hackers, even if they understand the importance of keeping them out. A simple training series has been shown to reduce successful attacks by 70%.
What’s the cost?
There are several factors to account for when we try to determine this number.
Firstly, there’s the ransom payment itself, which has risen to over $36,000 – an increase of 184% in just a matter of a few months. Once paid, most businesses get the decryption key to unlock their files, but between 4% and 18% of those who pay do NOT ever get their files back.
Once a business gets the decryption key to get their files back, it also costs them money to have them recovered (a process which sometimes ends up losing some customer files, anyway). In most cases, the servers and workstations must undergo a complete operating system re-install to ensure all bad files are removed.
Lastly, tally the cost of lost business. When you can’t serve your patients, and you have no billable hours for up to ten days, that is revenue that is hard to get back – especially when you consider the collateral damage. These are the things that no amount of good insurance can indemnify you for.
Remember the MasterCard “priceless” ads? Well, even after you quantify and account for all the hard costs, there’s always going to be the cost of having to tell your clients that their data was exposed to hackers. What’s that worth to avoid, if nothing else?
Most practices see a drop-off in visits after they’ve been targeted, as patients opt to prevent themselves from further vulnerability. However, you can’t expect to be able to replace them with new patients, either – at least, not as easily. After a company has had a data breach, up to 59% of people are unwilling to do business with them.
Finally, factor in staff morale. Once a practice has been hacked, and staff have been off for days while the IT partners remedy the situation, they often return to work feeling defeated and vulnerable. If they’ve spent their days off doing their research, they’ll know that the number one cause for security breaches is human error.
The Game is Always the Same
User error is the usual cause of a cyber security incident, as attackers have extremely clever ways of gaining access through phishing emails. With over 1 billion breached emails for sale on the dark web, it’s easy to get on a target list. Alternatively, their research of your website, etc., may lead them to very specific, individual or detailed phishing scam opportunities.
Another weak front is Remote Desktop Protocol – whereby desktops can be and are accessed by a service provider or administrator at a different location. However, this leaves an open door for a good hacker. An encrypted, secure, compliant remote access solution with multi-factor authentication must be used. Read how 400+ Dental Clinics were taken by ransomware.
Knowing these facts is half the battle, and allows you to take steps to prevent your first or next breach. An easy way to learn how vulnerable you are to security threats is to get a cyber-security risk assessment.
Protect Your Patients’ Data
You might be surprised to hear that 73% of managers do not feel ready for a cyber-attack. Are you one of those?
There are plenty of companies out there that can help you with anti-virus software, or daily IT fixes. Alexio is designed specifically for dental, medical, and other private healthcare practices, offering a full standardized suite of cyber-security solutions to keep patient and practice data safe.
Number one on Alexio’s list of priorities is to provide you and your staff with our free online cyber-security training, to quickly and significantly reduce your risks.
Book your free consultation now, and let us help you avoid being a victim of a ransomware attack.
Anne Genge is the CEO and co-founder of Alexio Corporation. She and her team of certified privacy and security professionals help dentists, physicians, and other healthcare providers to secure their data & systems, and comply with privacy laws & college mandates. She is a firm believer that good training in cyber-security is the key to protecting not just her family and clients, but also government bodies and major corporations. To this end, she has partnered with many organizations, including the Canadian Dental Association, to produce training in order to reduce the frequency of human error resulting in a security breach.