When it comes to cybersecurity threats, the healthcare industry is a major target for nefarious actors. According to Merlin International and the Ponemon Institute’s study, 2018 Impact of Cyber Insecurity on Healthcare Organizations, this field accounted for as much as 23% of all data breaches last year (and resulted in the exposure of over five million sensitive patient records).
While humans have been highly successful in developing vaccines for a number of diseases, securing IT infrastructure continues to be a huge challenge. This is because healthcare providers must defend an unusually wide attack surface.
According to the study, most of the healthcare providers surveyed worked at institutions that supported 100 to 500 patient beds (67%) that used an estimated 10,000 to 100,000 network-connected devices (66%).
Bad actors within this space are actively trying to breach healthcare systems to access the following:
- Clinical trial and other research information (45%)
- Log-in credentials (54%)
- Patient medical records (77%)
- Patient billing information (56%)
- Servers or applications (49%)
Cybercriminals are on a relentless mission to steal your data or hold it hostage for ransom because it can result in a massive payday, but sometimes they are simply motivated to cause chaos.
At the same time, we can’t ignore technological advances as they help enhance patient care. With the rise of ransomware attacks (37%), the industry can’t afford to waste any more time or over-intellectualize this whole process. Rather, the time for action is now!
So how can healthcare organizations better secure their IT infrastructure? Let’s take a look.
Perform Regular Security Audits
To maintain HIPAA compliance, it’s a good idea to perform a security audit on a regular basis. This approach will help you identify vulnerabilities and provide an opportunity to resolve them.
Regular audits also confirm that all software is kept up to date. However, if your healthcare organization runs connected medical devices or other Internet of Things equipment, extra steps must be taken immediately to change every default password on the network.
At the same time, take steps to ensure that a password isn’t shared across devices, and that the vendor default doesn’t quietly come back after a device reset or firmware update. When these checks happen on a regular basis, they become part of the cultural fabric of the organization over time.
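The two checks the audit section asks for, default credentials still in place and one password shared across devices, can be run over an asset inventory. The following is an added example, not code from the original article or from any vendor. The inventory rows, the vendor and model names, and the default-credential table are all constructed for the demonstration; a real audit would pull them from the asset register and the vendors’ documentation.

```python
"""Credential-hygiene check over a device inventory (hypothetical helper).

Flags two findings an audit should raise:
  1. devices still using a vendor default credential
  2. the same password reused on several devices

All data below is constructed for this example.
"""
import hashlib
from collections import defaultdict

# Constructed table of vendor defaults keyed by (vendor, model).
# The vendors and models are placeholders, not real products.
DEFAULT_CREDENTIALS = {
    ("acme-med", "infusion-x1"): [("admin", "admin"), ("service", "1234")],
    ("acme-med", "monitor-m2"): [("root", "password")],
}


def pw_hash(password: str, salt: str = "inventory-salt") -> str:
    """Hash used by the audit inventory so cleartext passwords are never stored.

    One fixed salt is used on purpose: reuse across hosts is only detectable
    when equal passwords produce equal hashes. This is an audit artefact,
    not a credential store, so the weaker salting is acceptable here.
    """
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed inventory. A real inventory would hold only the hash; we hash
# at construction time to mimic that.
INVENTORY = [
    {"host": "pump-01", "vendor": "acme-med", "model": "infusion-x1",
     "user": "admin", "pw_hash": pw_hash("admin")},
    {"host": "pump-02", "vendor": "acme-med", "model": "infusion-x1",
     "user": "admin", "pw_hash": pw_hash("Ward3-Pump!")},
    {"host": "pump-03", "vendor": "acme-med", "model": "infusion-x1",
     "user": "admin", "pw_hash": pw_hash("Ward3-Pump!")},
    {"host": "mon-01", "vendor": "acme-med", "model": "monitor-m2",
     "user": "root", "pw_hash": pw_hash("K3ep-Unique")},
]


def find_default_credentials(inventory, defaults=DEFAULT_CREDENTIALS):
    """Return hosts whose (user, password) matches a known vendor default."""
    # Hash the default table once so the comparison is hash to hash.
    hashed_defaults = {
        key: {(user, pw_hash(pw)) for user, pw in creds}
        for key, creds in defaults.items()
    }
    findings = []
    for dev in inventory:
        known = hashed_defaults.get((dev["vendor"], dev["model"]), set())
        if (dev["user"], dev["pw_hash"]) in known:
            findings.append(dev["host"])
    return findings


def find_reused_passwords(inventory):
    """Return groups of hosts (size >= 2) that share one password hash."""
    by_hash = defaultdict(list)
    for dev in inventory:
        by_hash[dev["pw_hash"]].append(dev["host"])
    return [sorted(hosts) for hosts in by_hash.values() if len(hosts) > 1]


if __name__ == "__main__":
    print("still on vendor defaults:", find_default_credentials(INVENTORY))
    print("password shared across hosts:", find_reused_passwords(INVENTORY))
```

Run against the constructed inventory, the first check reports pump-01 (still admin/admin) and the second reports pump-02 and pump-03 as sharing one password. Re-running the same script after every audit, and after firmware updates, is what turns the one-off password change into a habit.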
Implement a Layered Defense System
Let’s face it: no matter what you do, your IT infrastructure will never be 100% secure. But the good news is that you can make it difficult for bad actors to breach the system by implementing a layered defense system.
This means that when one layer is breached, cybercriminals still don’t get straight to sensitive patient data; they have to get past the next control too. Each layer is also a chance to identify an attack in progress before it’s too late.
Stay Proactive with a Robust Response Plan
Whenever the first layer is breached, you should also have a robust cybersecurity response plan in place to effectively respond to a potential attack. This is important because how quickly you respond will have a direct impact on the outcome of the security breach.
However, having a plan in place won’t be enough if your staff doesn’t have a clear understanding of their roles and responsibilities. As a result, it’s critical to run regular drills to ensure that everyone is ready to respond quickly and effectively.
Staff Training Is Key to Protecting Your Data
From general practitioners to major hospitals, the industry has adequate resources to invest in the best technical controls to protect its networks. However, what’s often overlooked is the human element, which is the root cause of most data breaches.
As places like hospitals and clinics are high-stress environments, it makes sense that cybersecurity isn’t a top priority. However, it should be!
The Global Business Technographics Workforce Benchmark Recontact Survey, 2017 suggests that only 30% of global information workers in the healthcare industry received training on how to protect workplace data. What’s even more concerning is the fact that only 38% were even aware of their institution's security policies.
This reaffirms the fact that without adequate training to improve awareness, there’s always going to be a serious vulnerability within the organization.
Hire a Cybersecurity Leader
It really came as a shock to me that as much as 84% of healthcare providers in the U.S. didn’t have a cybersecurity leader. However, if you think about it, this might be the primary reason why so many healthcare workers lack awareness when it comes to keeping sensitive data secure.
In a highly regulated industry like healthcare, the consequences of a data breach are immense. So this phenomenon has to change sooner rather than later. Having someone in charge of cybersecurity helps ensure that security audits, risk assessments, and staff training occur on a regular basis.
The key takeaway here is that the threat of a data breach isn’t going to go away. As technology evolves and the industry goes through a digital transformation, it’s highly likely that we’ll see more security events in the years to come.
The healthcare industry is growing and is now the second largest sector in the U.S. economy. In fact, it accounted for 18% of the gross domestic product in 2017. So you can bet that’s going to grab the attention of hackers!
IT spending in the healthcare industry reached $100 billion last year, but spending alone isn’t enough: a proactive approach to security across the organization will be critical to remaining secure and compliant.