If you think your healthcare organization is safe from a cyberattack because you’re too small to be a target, it may be time to re-evaluate your risk.
A recent survey found five percent of small practices (five providers or fewer) experienced a ransomware attack in the last year. Although 77% of practices targeted in an attack could recover data from backup files without paying the ransom, 23% decided to pay the ransom to recover data. However, paying the ransom is no guarantee of recovering the lost information.
Most survey respondents didn’t reveal what they paid, but four small practices divulged amounts: two organizations paid between $5,000 and $10,000 while two others paid between $25,000 and $100,000. Of small organizations that paid a ransom, only 30% regained their data – 70% lost data despite payment.
Ransomware isn’t the only or even the most significant cybersecurity concern to healthcare organizations
Although ransomware attacks, in general, were up 105% in 2021, data breaches consistently rank as a top concern for healthcare executives. Phishing attacks, in particular, pose a significant threat to organizations of all sizes.
According to the 2021 HIMSS Healthcare Cybersecurity Survey, phishing is usually the entry point for a cyberattack, with 71% of participants reporting a general email phishing incident.
At least 90% of healthcare data is stored electronically, which should make data security a top priority. However, only a quarter of large practices and 42% of small practices spent two hours (or less) on security and data privacy awareness training. Equally concerning, almost 50% of small practices don’t have a plan to respond to a data breach or cyberattack.
How healthcare practices can prevent and protect against cyberattacks
Tip #1: Provide training to spot cyberattacks
Whether you manage a small or large practice, human error is commonly cited as the reason for a data breach. Organizations can protect themselves by educating staff about new threats and providing reminders regarding established ones. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) regularly issue warnings that apply directly to the healthcare industry, making them resources worth monitoring.
The ability to spot phishing attacks is essential since phishing is often the gateway hackers use to access information. Although many are aware of the prevalence of phishing via email, texts, and even social media accounts, it is still surprisingly effective. Healthcare organizations need to pay close attention to employees accessing personal accounts on practice computers, tablets, and cell phones to minimize the risk of a data breach.
Tip #2: Build a robust infrastructure focused on security
The MGMA recommends these action steps to protect your organization:
- Conduct regular and complete HIPAA Security Risk Assessments, including plans for cyberattack response
- Keep systems and antivirus software up to date
- Ensure all files containing patient information are encrypted
- Use multifactor authentication when possible
- Confirm business associates have cybersecurity protections in place
- Use off-site, third-party data backup options
- Regularly conduct penetration tests to assess the strength of firewalls, web servers, patient portals, etc.
Many healthcare organizations with limited budgets and personnel for cybersecurity may find it challenging to execute recommended action steps independently. Using disparate systems for patient records, practice management, and patient payments can complicate processes even further.
Migrating to a central, cloud-based system dramatically simplifies the process of cybersecurity protection. Using a solution that provides clinical, practice management, and patient engagement capabilities together, such as athenaOne®, not only simplifies the business of healthcare but also provides layers of security that are difficult for small and mid-sized practices to achieve independently.
Have questions about how to protect your practice against cyberattacks? We’re here to help.
Virtual OfficeWare Healthcare Solutions (VOWHS) makes it easy to focus on improving patient health with our comprehensive offering of medical billing management, patient engagement, telehealth, and smart interoperability solutions – all protected by gold-standard cybersecurity expertise. Contact us today at (412) 424-2260 or visit vowhs.com to learn how we can help you optimize workflows, reduce administrative burdens, maximize revenue, and protect your organization and data from cyber threats.