Patient health and medical records. Social security numbers. Credit card information. Billing and insurance records. Hackers are targeting this information and threatening to hold it hostage.
The healthcare industry is as vulnerable to cyber attacks as ever, according to a nationwide survey of nearly 300 health care attorneys conducted by Bloomberg Law and the American Health Lawyers Association and introduced in advance of the annual meeting of the Association of Corporate Counsel in San Francisco, October 16-19.
The research found that the majority of healthcare attorneys are intimately involved in managing security issues, according to a press release highlighting the survey findings. Over eight in 10 (84%) have been called upon to evaluate whether a security incident implicates reporting obligations and have been asked to develop relevant internal policies and procedures. And nearly all responding healthcare attorneys (97%) expect their involvement in cybersecurity matters to increase over the next three years, and over seven in ten are developing their own data security expertise to meet this growing demand.
When it comes to cyberthreat responses, both law firm attorneys and corporate counsel feel prepared to respond to a breach or cyberattack but worry that those plans may be inadequate. For example, about 40% of all attorneys said the plans are too generic and lack specific guidance for the types of incidents their organizations or clients might face and have not been adequately tested prior to an actual breach incident. And fully one-third of surveyed attorneys indicated that plans are not updated to reflect the most recent types of cyberthreats or organizational changes.
“While it is encouraging that health care attorneys are on the front lines of preparing for and responding to cyber incidents, it is apparent from this survey that there is much more that needs to be done,” said Scott Falk, vice president and general manager, Health Care and Litigation, Bloomberg Law. “For example, there is overwhelming agreement from respondents that it is important to improve formal cybersecurity education and training for health care lawyers. Thus there is tremendous value in utilizing external resources and professional organizations that can meet this critical need.”
“Healthcare providers have stepped up in recent years to identify and address cyberthreats before they materialize, but according to survey findings, health care attorneys still believe that the health care industry is more vulnerable to breaches and attacks than other industries,” said David Cade, CEO, American Health Lawyers Association. “Quality education for attorneys working in this area will help them effectively counsel clients in preventing and responding to cyberattacks.”