Product type:

AllBooksEventsOnline CoursesWebinarsPackages
Medical Group Management Association
Top House Ad

Protecting your healthcare organization from cyberattacks

MGMA Stat - March 7, 2019

Risk & Compliance

Health Information Technology

The Medical Group Management Association’s most recent MGMA Stat poll asked healthcare leaders if their organization has experienced a cyberattack in the past year. While the majority (70%) have not experienced a cyberattack in the past year, 23% have and 7% were unsure. This poll was conducted on March 5, 2019, with 1,239 spplicable responses. 

Those who responded “yes” were then asked what type of cyberattack they experienced. Phishing was the most common attack (42%) with malware (ransomware) not far behind at 32%. Others experienced a combination of these hacks (8%) and other types of hacks (10%). A small portion (8%) of organizations experienced cyberattacks but were unsure about the type of attack.

With nearly a quarter of organizations having experienced a cyberattack in the past year, healthcare organizations are particularly at risk when it comes to cyberattacks. In an October 2018 Forbes article, Kate O’Flaherty wrote that hackers can steal “patient records, claiming highly sensitive data, including names, social security numbers, home addresses and dates of birth” leaving these individuals at high risk for identity theft. Not only do these attacks leave your patients at risk, they can also be costly to your organization.  As Aziza Kasumov wrote in a July 2018 Bloomberg article “a data breach can cost health-care providers more than $400 per patient.” Ransomware can also be a costly issue. As explained by Elizabeth Snell in this Health ITSecurity article, “ransomware is a type of malware that typically prevents organizations from accessing certain parts of its system. For example, an entity and its users could be locked out from critical systems, such as EHRs, and may be unable to get in unless they pay a certain amount of money.” Therefore, organizations should take serious steps to prevent cyberattacks from affecting their organization.

In a recent MGMA Connection article, Andrew Jahnke, founder and chief technologist for managed IT and custom cloud service provider RainTech, outlines areas leaders should review to help prevent cyberattacks in their organization. This list offers a detailed collection of key areas that medical practice leaders should examine to be prepared for a possible cyberattack including:
  • Endpoint protection  
  • Network protection
  • Email protection
  • Network administration/management
  • User instruction/policies and procedures
  • Backup/disaster recovery
  • Advanced security measures

For the full list with specific questions regarding each area, click here.

MGMA Stat is a national poll that addresses practice management issues, the impact of new legislation and related topics. Participation is open to all healthcare leaders. See results of other polls and information on how to participate in MGMA Stat.

Learn more
Learn more about MGMA Stat
Learn more about MGMA Consulting

Sarah Taylor
Research Assistant
Bottom House Ad

Shopping Cart

Your cart is empty

Click here if your organization is tax exempt

A State Sales tax exempt certificate must be on file and taxable items cannot be ordered online. For immediate assistance during normal business hours of 7:00am to 5:00pm MT M-Th and 7:00 am to Noon MT on Friday, please call toll-free: 877-275-6462, ext. 1888



Use two letter code for US states
Use three letter code for country
Use two letter code for US states
Use three letter code for country

Grand Total:
Use two letter code for US states
Use three letter code for country
Saved credit card is required for opt-in to autorenew.

Questions? Contact the MGMA Service Center for assistance during checkout or review our return policy for more information.




Thank you for your purchase! If you purchased an event, you will be receiving a follow-up email from our Learning Management System regarding the product/event purchased and no further action is required.