Over the last 40 years, Ambulatory Surgical Centers (ASCs) have become a model for surgical services by providing high-quality, low-cost health care.
By breaking away from hospitals and developing ASCs, physicians were able to sidestep a number of issues such as scheduling delays, the limited availability of operating rooms and hospital red tape that often made obtaining new and specialized medical equipment a struggle.
However, there is one major issue plaguing hospitals that ASCs have not been able to escape, and may even be more vulnerable to. That is the threat of a devastating cyber attack.
Stolen medical information can be sold on the black market for more than 100 times the value of credit card information.
Big Business In Stolen Medical Records
In an industry like healthcare, cybersecurity is particularly important. Providers are entrusted with the personal information of their patients, including everything from social security numbers, to credit card numbers to medical history.
According to Aite Group, stolen medical information can be sold on the black market for more than 100 times the value of credit card information. This information can then be used to purchase medical equipment or drugs to resell, or even used to match patient numbers with false providers to file fraudulent payer claims.
With stolen medical information fetching such a high price, it isn’t surprising to learn that, according to KPMG, 81 percent of healthcare providers in the United States experienced a cyber attack during 2014/2015. Additionally, KPMG also found that healthcare providers are often woefully unprepared for modern cyber threats. Only 53 percent of providers and 66 percent of payers believe they have sufficient defenses to fend off a cyber attack.
And while hackers receive the bulk of bad press when it comes to data theft and cybersecurity, the reality is that most data breaches stem from the behavior of an organization’s own employees. A Forrester study shows that the majority of data breaches, 61%, start with negligent or malicious employees. Negligent employees (e.g., an employee replying to a phishing scam) account for 36% of those breaches.
Unfortunately, ASCs aren’t immune to any of these threats. In fact Nelson Gomes, Group President and CEO of PriorityOne Group believes that hackers could specifically target ASCs because their systems are easier to attack than those of larger hospital systems. Additionally, Gomes adds that because ASCs might not find the issue right away, hackers would be given additional time to copy and transfer large amounts of data out of ASCs’ systems.
Firewalls aren’t enough. While they do offer ASCs some protection against possible outsider threats, if hackers are able to break through the firewall, they will have access to all the information inside of your organization.
How Can ASCs Protect Their Data?
Following are potential risks and concerns for ASCs to consider: