Digital Trends

4 steps to take when your practice suffers a cybersecurity breach – Medical Economics

Cyberattacks can halt operations, trigger fines and erode patient trust. These four steps can help practices prepare, respond and recover when the inevitable breach occurs.
The consequences of a breach can be devastating. Beyond the immediate operational disruption — computers frozen, EHRs inaccessible, appointments canceled — practices face potential regulatory penalties, lawsuits, and reputational harm. The Department of Health and Human Services (HHS) has issued fines for failing to encrypt data, for not maintaining backups, and for leaving security gaps unaddressed. The HIPAA Security Rule requires covered entities to implement administrative, physical and technical safeguards. Insurance may offset some costs, but liability carriers often require practices to follow specific response protocols. Patients, too, expect transparency and protection of their most sensitive information.
Despite the high stakes, many practices are unprepared. They may rely on outdated antivirus software, leave security responsibilities entirely to vendors, or assume their EHR provider will handle backups. Staff may fall for phishing emails or fail to recognize suspicious activity. As Rana McSpadden, FACMPE, CHPC, CPC, a medical practice consultant with SVMIC, put it during her MGMA Leaders Conference 2025 session: “Don’t just leave this to your IT people, you need to be involved in this process.”
The good news is that there is a playbook. Cybersecurity experts recommend a four-stage approach to incident response: preparation, detection and analysis, containment and recovery, and post-incident review. Each step involves not just technology but also leadership, communication, and training. Practices that follow this structured process can minimize damage, restore operations faster, and strengthen defenses for the future.
What follows is a roadmap for administrators when a breach occurs — from assembling the right response team, to notifying authorities and patients, to learning from mistakes so the next attack does less harm.
The aftermath of a breach is also a reminder that cybersecurity is not just an IT problem but a leadership responsibility. McSpadden emphasized that administrators must “set the tone at the top” by integrating cybersecurity into business strategy, funding proper defenses and promoting staff awareness.
Health care data remains a prime target for cybercriminals. With preparation, rapid detection, decisive containment and continuous improvement, practice leaders can reduce damage and maintain resilience when the inevitable breach occurs.
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.
