Eighty-three percent of U.S. physicians have experienced some form of a cyber-security attack, according to the new research from Accenture and the American Medical Association (AMA).
The findings, which examined the experiences of roughly 1,300 U.S. physicians, underscore the recognition that it is not "if" but "when" a cyber-attack will occur. They come from an online survey conducted between July 2017 and August 2017, that was further supported with in-depth research and 12 phone interviews with physicians, technology officers and administrators.
More than half (55 percent) of the physicians were very or extremely concerned about future cyber-attacks in their practice. In addition, physicians were most concerned that future attacks could interrupt their clinical practices (cited by 74 percent), compromise the security of patient records (74 percent) or impact patient safety (53 percent).
"New research shows that most physicians think that securely exchanging electronic data is important to improve health care," AMA President David O. Barbe, M.D., M.H.A. said in a statement. "More support from the government, technology and medical sectors would help physicians with a proactive cyber-security defense to better ensure the availability, confidentially and integrity of healthcare data."
The most common type of cyber-attack was phishing — cited by 55 percent of physicians who experienced an attack — followed by computer viruses (48 percent). Physicians from medium and large practices were twice as likely as those in small practices to experience these types of attacks.
Nearly two-thirds (64 percent) of all the physicians who experienced a cyber-attack experienced up to four hours of downtime before they resumed operations, and 29 percent of physicians in medium-sized practices that experienced a cyber-attack said they experienced nearly a full day of downtime.
In addition, the vast majority (85 percent) of physicians believe it is very or extremely important to share personal health data outside of their health system — they just want to do it safely. Two-thirds believe that greater access to patient data both inside (cited by 67 percent) and outside (65 percent) their health system would help them provide quality patient care more efficiently. Furthermore, 83 percent of physicians said that HIPAA compliance alone is insufficient and that a more holistic approach to assessing and prioritizing risks is needed.
"Physician practices should not rely on compliance alone to enhance their security profile," Kaveh Safavi, M.D., J.D., head of Accenture's global health practice, said in a statement. "Keeping pace with the sophistication of cyber-attacks demands that physicians strengthen their capabilities, build resilience and invest in new technologies to support a foundation of digital trust with patients."
These findings are part of a research collaboration between the AMA and Accenture to raise physician awareness and understanding of cyber-security practices. Collectively they signal a call to action for the healthcare sector to increase cyber-security support for medical practices in their communities.