60% of small business go out of business within 6 months of a breach or cyber attack.
Ouch. Talk about getting straight to the point. I owned a small business for years and these kinds of stats keep me up at night.
We hear about risk and risk assessments all the time. But what is risk? Is it the same for my 3-4 doctor private practice as it is for a large hospital? On the surface you might say no, because a hospital with hundreds of doctors and PAs and a constant stream of patients has way more to lose than a small mom and pop primary care office. But therein lies the rub.
Most hospitals already have some sort of organizational construct that provides for Information Technology (IT), how departments for doctors and billing and insurance can communicate and share medical and financial information to ensure the proper care and instructions, and hopefully there is an information security policy in place with controls to help ensure those policies are enforced, as well as maintaining compliance with HIPAA and other regulatory and legal requirements.
But what about the small business? Do you have an IT department? Its expensive to have someone on staff full time paying them salary and benefits just to ensure your laptops and mobile devices are operating they way they should with the applications that run your X-rays and dental scan machines and processing billing and insurance claims and making sure email is working.
Business operations is just part of it. A necessary part, but you have to ensure its secure from all the bad that COULD happen. We have health insurance, dental insurance as the most common for most. Businesses will have liability insurance and medical practices will have malpractice insurance. What about cyber insurance? Does your IT department (if you have one) know how to look at your overall business and identify where you might be vulnerable to cyber risks? And what happens if one of your vulnerabilities is identified by a would-be attacker and they decide to take action? “Unlikely to happen to me, because I’m too small and I’m too small a target” you might say.
I hate to break it to you, but Verizon’s 2020 Data Breach Investigations Report (source: Verizon’s 2020 Data Breach Investigations Report (DBIR) ) showed that nearly 1 in 3 breaches that took place involved small businesses. Whats more alarming, in 2020 alone, the healthcare industry saw a 42% uptick in cyber breaches from the year prior, affected 31 million (yes thats MILLION!) patients. Thats just a number, so I’ll put it into context: since the census data isn’t ready yet these are estimates, but thats MORE than the population of NYC, LA, Chicago, Houston, Phoenix, Philadelphia, San Antonio, San Diego, Dallas, San Jose, Austin, Jacksonville, Fort Worth, Columbus, Charlotte, and San Francisco combined (source: https://worldpopulationreview.com/)
So what about the small business? Please take focus if you are one of them. Hiscox’s Cyber Readiness Report for 2020 showed that cyber events median cost of a breach skyrocketed by more than 5x to $57,000 compared to just $10,000 the year prior. “But I only have a dozen employees. I won’t see those losses.” You might say.. The median for 10-49 employees was $17,000. And that doesn’t take into account the fines and penalties from HIPAA or financial fallout or client losses from having to publicly state to the local and state media that you were breached (yes, that is a HIPAA requirement if 500 or more individuals are affected by a breach ) (source: https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html)
Get your business an IT security and HIPAA assessment to see how you currently stand. Check with your IT department to make sure you have the protections in place against malware, ransomware, and make sure they prove it to you. You can’t hold them liable when you are required to pay a $30,000 ransom to get your patient data back or get your systems back online from a breach. Big businesses have the insurance and depth to withstand a loss, but small business tend to close up shop for good. You don’t need to hire an IT department to ensure your cyber footprint is secure, you need experts in cybersecurity and the right tools in place to not become one of those statistics. Our business is small business. Give us a call.
