Why Small Medical Practices are Major Targets for Cybercrime

Posted by MG Hosting Services LLC on May 21, 2020 11:07:24 AM

As small businesses work to survive the coronavirus pandemic intact, cybercriminals are taking advantage of the situation, sending cybercrime rates to record highs. To keep your business safe, you need to understand the threat it is facing.

Complacency is Dangerous

Hacking and other cybercrimes have been the stuff of movies for more than five decades now. But if there’s one thing that these movies have been incorrectly implying, it’s that cybercriminals are only interested in toppling down large, powerful institutions—governments, banks, casinos, business corporations, etc.

This has unfortunately led many small institutions, particularly in the healthcare industry, to believe that they’ve got little to worry about when it comes to cybersecurity. 

“Hackers won’t bother breaking into my small practice’s network, they’ve got bigger businesses to attack!”

“My clinic doesn’t have as many patients as those other healthcare facilities, cybercriminals won’t waste their time with me.”

It’s this dangerous sense of complacency that has forced many practices to cancel services, turn away patients, pay ransom demands, and even close their doors permanently. 

According to the 2019 HIMSS Cybersecurity Survey, 74% of healthcare organizations have experienced at least one significant security incident during the past 12 months. Within the past decade, the healthcare industry has been one of the most frequently targeted industries around the globe.

Contrary to what we learn in the movies, it’s the smaller facilities that usually bear the brunt of these attacks. Here are a few reasons why:

  • Because of the Value

Having a small practice does not exempt you from cyberattacks. According to Moody’s Corp Healthcare Analyst Jennifer Barr, every health organization is an attractive target for cybercrime. That’s because the medical and billing information that they hold are highly valuable.

Cybercriminals can sell medical and billing details to pull off insurance fraud. They can also withhold them and force the health organizations to pay a ransom.

Whether it’s from a huge hospital or a small clinic, a medical record is a medical record. And each one is worth a lot on the black market, which is why cybercriminals will do all they can to steal them from you.

Be cautious and vigilant. Educate your workforce, have cybersecurity protocols in place, and ensure that your EHR system is secure. Regardless of the size of your practice, the fact that you are in the healthcare industry already makes you an attractive target for cybercriminals all over the world.

  • Because of the Lack of Security

Let’s face it, smaller healthcare organizations typically don’t have the resources needed to invest in the latest, most robust IT security systems and tools—they may not even have their own IT staff in the first place. 

While it’s certainly an advantage for a healthcare provider to be able to take care of their IT network, they may not be equipped with the skills and knowledge needed to fully protect the practice from data breaches and full-blown cyberattacks.

Cybercriminals know this and will take advantage of it.

Likely to have weaker cybersecurity defenses, a smaller practice is an easier target for cybercriminals than a large healthcare organization. That leaves their patient records, billing information, EHR systems, and entire servers at risk of potential hacks and exploits.

If you are a small healthcare facility, it’s important to know that you don’t have to shell out a huge amount of money to keep your IT network secure.

If hiring a dedicated cybersecurity team isn’t a practical move for you right now, you can partner with a trusted managed IT service provider (MSP). They offer versatile IT solutions that can be tailored to meet your practice’s unique needs.

  • Because of What’s at Stake

Cybercriminals know that in healthcare industries, the safety and quality of human lives are involved. They know that if they get to shut down your facility even for just a week, lives are at stake, and they will use this as leverage, especially during the coronavirus pandemic.

According to a 2019 statement by cybersecurity giant Bitdefender, cyberattacks against hospitals can bring all their activities to a halt, particularly when the medical data of the admitted patients is blocked.

The same thing can happen to smaller practices. If a ransomware attack occurs, doctors won’t be able to provide treatment, perform surgeries, or prescribe medications. With their patients’ lives at stake, healthcare providers will then be forced to pay a ransom just to access the data again.

The sad part is that there is no assurance that paying the ransom will get the lost data back. You could end up paying and still lose everything. Cybersecurity experts discourage paying ransoms, but what do you do if there’s no other way of recovering the data?

You don’t want to be stuck between a rock and a hard place. The safest precaution would be to keep a backup of the data that your practice handles. Have a system that does daily back-ups (server snapshots) and stores them in a secure, HIPAA-compliant, off-site environment. 

Don’t Let Cybercriminals Win

Cybercriminals are smart. They will do anything to exploit businesses. And contrary to what movies show, they’re not just after large corporations and offices.

They will make a move on organizations that can give them the most money with the least resistance. This is exactly why small practices holding valuable medical records but lacking robust cybersecurity defenses are a major target.

Don’t let cybercriminals take away what you worked so hard for. Start taking steps to protect your practice today. 


MG Hosting Services is a company dedicated to protecting the healthcare industry from the growing threats of cyber attacks and data theft. A practice’s first line of defense against cybercriminals, they are highly trained IT specialists and cloud engineers ready to serve the technical needs of healthcare professionals 24/7. With offsite data storage, military-grade data encryption, and full remote work support, they can prepare practices for anything that comes next. Learn more on their website, and find more posts like this one on their company blog.

Topics/Tags/Categories: Cyber Security, Healthcare Technology

Latest Posts