By MICHAEL COLEMAN
MANAGING CYBERTHREATS
PROTECTING COMPANY AND PATIENT DATA IS NO LONGER OPTIONAL FOR O&P BUSINESSES
NEED TO KNOW
• Data breaches and ransomware attacks are a growing problem for U.S. healthcare companies, including O&P facilities, causing financial and reputational damage to facilities that are targeted.
• Protecting patient data also is critical because O&P facilities must comply with the HIPAA Security Rule mandating that covered entities evaluate risks and vulnerabilities in their environments and implement appropriate security measures.
• Healthcare facilities are experiencing phishing attacks that target employees and trick them into sharing sensitive business information, as well as ransomware attacks that aim to extract a ransom by locking a company’s stored data and demanding payment for a key to regain access.
• Many O&P facilities choose to contract with security firms to assess vulnerabilities and handle IT security, and some also choose to purchase cyber insurance to minimize damages should a breach occur.
AUGUST 2021 | O&P ALMANAC
By the end of 2021, U.S. businesses
will be targeted by a ransomware attack every 11 seconds, according to research firm Cybersecurity Ventures. Healthcare companies—including O&P facilities—are especially vulnerable because of the extensive and valuable patient data they maintain. About 15 percent of all data breaches in 2019—ransomware, phishing attacks, and more—involved the healthcare system, with losses to the industry reaching $25 billion, according to the “2021 Data Breach Investigations Report.” And there’s more bad news: According to global cybersecurity giant Sophos, the cost of remediating ransomware attacks—in which cybercriminals seize records or entire computer networks and demand a ransom for their return—has doubled in the past year. A growing number of organizations are paying ransom demands ranging from an average of $10,000 to more than $1 million,