4 in 5 physicians had a cyberattack in their practices, says survey

Dec. 14, 2017

More than four in five U.S. physicians (83%) have experienced some form of a cybersecurity attack, according to new research released today by Accenture and the American Medical Association (AMA). This, along with additional findings, signals a call to action for the healthcare sector to increase cybersecurity support for medical practices in their communities.

The findings, which examined the experiences of roughly 1,300 U.S. physicians, underscore the recognition that it is not “if” but “when” a cyberattack will occur. More than half (55%) of the physicians were very or extremely concerned about future cyberattacks in their practice. In addition, physicians were most concerned that future attacks could interrupt their clinical practices (cited by 74%), compromise the security of patient records (74%) or impact patient safety (53%).

The findings show the most common type of cyberattack was phishing—cited by more than half (55%) of physicians who experienced an attack—followed by computer viruses (48%). Physicians from medium and large practices were twice as likely as those in small practices to experience these types of attacks.

Nearly two-thirds (64%) of all the physicians who experienced a cyberattack experienced up to four hours of downtime before they resumed operations, and approximately one-third (29%) of physicians in medium-sized practices that experienced a cyberattack said they experienced nearly a full day of downtime.

In addition, the vast majority (85%) of physicians believe it is very or extremely important to share personal health data outside of their health system—they just want to do it safely. Two-thirds believe that greater access to patient data both inside (cited by 67%) and outside (65%) their health system would help them provide quality patient care more efficiently. In addition, a significant majority (83%) of physicians said that HIPAA compliance alone is insufficient and that a more holistic approach to assessing and prioritizing risks is needed.

AMA has the full release