Privacy breach prevention is a priority for clinic managers. In a recent survey sent to 35,000 Brightsquid users, 93% of clinic managers agreed privacy breach prevention is critical to the health of their clinic. In fact, more people placed importance on privacy breach prevention than they did privacy compliance. Of course, under mandatory breach reporting, there are many reasons to avoid privacy breaches in your clinic but the main reason driving clinics to keep patient information protected might surprise you.
Only 16% of clinic managers believe a privacy breach would be easily handled without disruption. The number is probably high compared to the reality (depending on the type of breach). Especially consideringa new report that says the average cost of recovery from a ransomware attack (which is a privacy breach) in 2019 was $141,000, up from $46,800 in 2018.
Based on the statistics that show average downtime from privacy breaches like a ransomware attack, clinics can expect to be down or impaired for anywhere from a few days to months. Which is a fact that most clinics recognize. 86% of clinics agree that privacy breach prevention is critical to their ability to stay open and serve their community.
In most clinics and healthcare organizations, the mandatory role of Privacy Officer is assigned to someone as their secondary role, as you would appoint a fire marshal in your office. But managing the privacy of a clinic, especially training and dealing with privacy breach response is an involved and on-going process that will demand the majority of that person’s time. Their “main” duties will no doubt be neglected while they focus on breach reporting and recovery.
Research has proven that healthcare organizations that suffer ransomware attacks aren’t able to provide the same level of care as they did prior to the attack. Class action lawsuits are filed against healthcare organizations because they failed to take necessary precautions to protect their patient’s information and their ability to deliver care has been crippled as a consequence.
When asked to identify the most serious threat of privacy breach in their clinic, 42% of survey respondents pointed to their use of email. Next in line were a lack of privacy breach prevention training, then a lack of in house privacy compliance expertise.
It is interesting to note in this question that 35% of respondents said privacy breaches are not a threat to their clinic. However,a recent article in The National Law Review showing predictions for the rise in ransomware attacks urged businesses to include the cost of ransomware recovery in their budgeting. In Canada, privacy breach reports climbed 600% in 2019 and the province Alberta saw a similar increase. In a global study of ransomware prevalence, 60% of companies admitted they were targeted by ransomware in 2019.
So, privacy breaches are becoming less of a question of if, and more of a question of when. Failing to proactively prevent privacy breaches because you don't think it will happen to you (a belief cyber criminals are counting on) is a lot like driving without a seat belt or insurance because you haven’t ever been in a car accident.
When asked to complete the sentence, “A privacy breach at our clinic would:”, most clinic managers stated that a privacy breach would damage patient trust. Following that, 96% of clinic managers agreed that privacy breach prevention is critical to their clinic’s reputation with patients.
Not a single person disagreed with the statement that, “Privacy breach prevention is critical to our reputation with patients.” 70% of clinic managers strongly agreed, and 26% agreed, while 4% were indifferent whether breaches impacted their reputation with patients.
75% of clinic managers indicated that privacy compliance is important because “It is our duty to protect patients.” The next closest answer was that privacy compliance “protects the ongoing viability of our business” at 19%.
Similarly, 74% of clinic managers said that their clinic needs to avoid privacy breaches because “We have a responsibility to protect our patients.” The next closest answer for this question was “privacy breach prevention is the law” with 16%.
Only 14% of people surveyed thought their clinic doesn’t need expert privacy support to prevent breaches. This is a strong admission by clinics that they aren’t equipped to properly protect the patient information in their care against evolving threats.
When asked about the most important elements of a privacy breach prevention plan, clinics highlighted the need for training and having the right policies and procedures in place.
With over a decade of helping clinics block breaches, Brightsquid is the leader in creating privacy breach prevention plans. Our privacy support services include the assessments, planning and policy documents, training, and technology tools you need to properly prevent privacy breaches as new threats evolve every day.