How can a cyberattack impact an orthopedic practice?
Prepare, prevent cyberattacks
Cyberattacks are increasing in frequency and impact the ability of an orthopedic practice to provide patient care at local, and potentially, nationwide levels.
The Health Information Technology for Economic and Clinical Health Act promoted and enforced widespread implementation of the electronic medical record. Since then, nearly every medical practice has experienced an increase in interconnectivity with various software and hardware platforms. Almost every aspect of modern practice relies on an intranet of linked electronic systems: patient scheduling and intake forms, insurance data, imaging acquisition and interpretation, note-taking, and billing and coding. A cyberattack disrupts the flow of care and inhibits critical portions of this system, sometimes affecting the entire infrastructure. This results in the inability of a practice to manage its regular patient volume. The ripple effect leads to delays in patient care, compromised treatment and financial losses. Both acutely injured patients and those with chronic musculoskeletal conditions are displaced to other facilities, often overwhelming surrounding practices. The financial impact is frequently measured in millions of dollars.
Prevention and preparation are crucial for minimizing the impact of a cyberattack. Regular system-wide mandatory training modules, awareness of evolving attack methods (eg, email phishing) and the development of cyberattack plans not only reduce the risk of an attack but also provide a roadmap for managing failures in critical components of patient care. Similar to fire, mass casualty or disaster plans, a cyberattack response plan can streamline care and minimize disruption. While each plan should be tailored to the practice or institution, we found it helpful to have an EMR backup mirror to ensure continued access to future appointments and data. In addition, maintaining various paper order sets for downtime events proved beneficial.
As AI continues to evolve, so will the landscape of cyberattack prevention and detection. Emerging coding and algorithmic techniques promise to detect and prevent cyberattacks before they can affect staff and patients. Moving forward, the question is not if your practice will be attacked, but rather when — and whether your team is prepared.
- References:
- Alrowais F, et al. Comput Electr Eng. 2023;doi:10.1016/j.compeleceng.2023.108636.
- AlZubi AA, et al. Soft Comput. 2021;doi:10.1007/s00500-021-05926-8.
- Ghafur S, et al. NPJ Digit Med. 2019;doi:10.1038/s41746-019-0161-6.
- Tarka M, et al. Injury. 2023;doi:10.1016/j.injury.2023.02.022.
- United States. Congress. House. Committee on Energy and Commerce. Subcommittee on Health. Implementation of the Health Information Technology for Economic and Clinical Health (HITECH) Act: Hearing before the Subcommittee on Health of the Committee on Energy and Commerce, House of Representatives, One Hundred Eleventh Congress, Second Session, July 27, 2010. Washington, D.C.: U.S. Government Printing Office; 2013.
Michael Blankstein, MD, FRCSC; Patrick Schottel, MD; and Mitchell Tarka, MD, are from the University of Vermont Medical Center in South Burlington, Vermont.
Click here to read the Cover Story, ‘Invest in ‘good cyber hygiene’ to thwart cyberattacks.’
Collapse
Read more about