Cyber attacks impede a healthcare organization’s ability to provide care to patients. They’re time consuming and costly and include, downtime, productivity loss, business process disruption, forensic investigation, remediation, data loss, recovery of effected data and devices, reputational damages, and additional employee training. The best way to combat a cyber attack is to prevent it by analyzing threats and creating a cyber security program that protects both your healthcare organization and your patients.
Healthcare cyber security concerns
HIPAA fines mean that the monetary repercussions for healthcare attacks and breaches are far more significant than in other industries. Unfortunately, the healthcare industry is one of the top cyber attack victims. Electronic health records and other digital tools are convenient, but with a value of up to $1000 per record, they put a target on the healthcare industry. With sensitive personal information electronically stored and sent paired with a propensity for employee error, healthcare organizations are a gold mine for cyber criminals. In a recent study of 1,138 breaches that occurred between 2009 and 2017, 53% originated internally. Four out of five US physicians have experienced some form of a cyber security attack. The US healthcare industry accounted for 37% of all ransomware attacks in Q3 2018. Ransomware attacks are predicted to quadruple by 2020. Despite all this, healthcare cyber security doesn’t have to be hard [infographic].
Identifying threats is a key step in defending against them. According to the Department of Health & Human Services’ Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients publication, there are five immediate threats in the healthcare industry:
How to create an effective cyber security program
According to the Office of the National Coordinator for Health Information Technology (ONC), “security practices must be built in, not bolted on”. Security policies must be ingrained into your organization and dynamic. As cyber threats change and grow, so must your organization. Since hackers and cyber unsavories run rampant across the globe, cyber security is no longer something that can be ignored. Healthcare organizations must stop playing defense and adopt a proactive, offensive attitude toward security. A holistic IT security approach and a culture of cyber safety can no longer be just a pipe dream, it has to become a reality. Here are some steps you can take to start protecting your organization: