Cybersecurity incidents have become national headlines, with ransomware being a hot topic. Other incidents, like data breaches, are also happening, and reports of these breaches, especially in healthcare, are occurring more and more frequently. A recent survey shows an alarming disconnect between breaches and patients’ knowledge of those breaches.
This survey, conducted by Censuswide involved 2,000 U.S. patients on their views on cybersecurity and data breaches in healthcare.
The survey of patients revealed a third had been the victim of a healthcare cyberattack, and while almost half of the patients (49%) said they would change healthcare provider if it experienced a ransomware attack, many patients are unaware of the extent of recent cyberattacks and how frequently they are now being reported. In 2018, healthcare data breaches were reported at a rate of 1 per day. In the past year, there have been 7 months when data breaches have been reported at a rate of more than 2 per day.
Despite extensive media reports about healthcare data breaches and vulnerabilities in medical devices, 61% of potential patients said they had not heard about any healthcare cyberattacks in the past two years, clearly showing many patients are unaware of the risk of ransomware and other cyberattacks. However, patients are aware of the impact those attacks may have, with 73% of potential patients understanding a cyberattack could impact the quality of care they receive.
When potential patients were asked about their privacy concerns, 52% said they were worried a cyberattack would shut down hospital operations and potentially affect patient care, and 37% said they were concerned about the privacy of information accessible through online portals.
There certainly appears to be trust issues, as only 23% of potential patients said they trusted their healthcare provider with their sensitive personal data. By comparison, 30% said they trusted their best friend with that information.
Know your facts. It is OK to ask about your data and if it has been involved in a data breach. Certain notifications are required by law, but that can vary from state to state.
Remember your SPAR training and be prepared to respond to an attack or a breach of your information.