South Florida Hospital News
Tuesday November 24, 2020

test 2

August 2020 - Volume 17 - Issue 2

Cyber Attacks on Healthcare Companies Increasing as More Employees Work from Home

When the COVID-19 crisis hit, many businesses sent their employees home to work remotely. And while this may have helped to keep the companies running, it also created the opportunity for cyber criminals to access confidential information.

“We’re seeing a number of cyber issues relating to the COVID pandemic, including practices that have had their systems breached or hit with ransomware issues,” said Matt Gracey, medical malpractice insurance specialist at Danna-Gracey, the largest independent medical malpractice insurance agency in Florida. “Healthcare is the #1 target for cyber criminals, and it’s getting worse; the World Health Organization (WHO) recently reported that there’s been a fivefold increase in cyberattacks on their organization since the COVID crisis began.”
Any company that has a security breach as the result of people working from home offices may be liable, and can be sued for the unauthorized release of confidential patient information. Gracey gives the example of the Florida Orthopedic Institute, which is being sued for $99 million on behalf of patients for the company’s failure to keep their information safe.
On top of being sued, companies also face the likelihood of being fined by the government for HIPAA (Health Insurance Portability and Accountability Act) violations.
The Perfect Storm
In addition to having employees working from non-secure home offices, many healthcare companies are also at risk from having to reformat their practices in the age of social distancing.
“I’ve read that within the first two weeks of us shutting down as a country back in the spring, between 80 and 90 percent of healthcare providers initiated telehealth practices in some form or another,” said Gracey. “The vast majority of practices went from very limited use of telehealth to some form of it, ranging from FaceTime to something more sophisticated. You can image the cyber security issues that come from an entire industry sector rushing to get into a form of communication that they’ve not used before.”
Cyber criminals also have gotten quite acute at targeting potential victims, creating new scams centered around the COVID-19 crisis.
“They are doing things that range from offering fake diagnostic tests to phishing scams representing themselves as the CDC and asking to audit a practice for safety reasons,” said Gracey. “They have created quite a number of malicious websites advertising all kinds of help for COVID issues, when really all those sites are doing is loading malicious software onto emails and websites.
“Cybercriminals are working double-time against U.S. healthcare, which is focused on COVID and not its computer systems,” he added. “It’s a real Achilles’ heel at the moment.”
Is Your Practice Covered?
According to Gracey, doctors need to get in touch with their insurance agents as soon as possible to review their cyber liability coverage. “Most doctors have very minimal coverage; our experience is that the majority have their cyber coverage either through their property package policy or through their malpractice insurance policy.
“Either way, most of the cyber coverage we see out there is insufficient to cover the risk a practice is taking on the cyber side,” he added, advising that businesses get a stand-alone, robust policy that has much broader coverage. These policies should also include access to a comprehensive and robust response team to solve any problems that arise.
“Part of the problem with cyber claims is that you can call your IT people after a ransomware attack, but they can only do so much,” Gracey said. “Many practices call their attorneys to help, but they have no expertise in this area. A good policy has a whole response team that moves in to handle the issue, even negotiating with the hackers.”
Gracey added that while healthcare providers may not be able to completely avoid cyberattacks, taking a proactive role in protecting their patients’ information—and their own practices—is vital. 
“Having good, solid protocols in place can help to lessen HIPAA violations; even if they fail, the government takes into account that you didn’t ignore the risk,” he said. “There are going to be a lot more information breaches in the future, so doctors should be doing everything they can to protect themselves from cyberattacks.”

To find out if you’re prepared, contact Matt Gracey or Tom Murphy at (800) 966-2120 or visit

Share |