Over the past several years the healthcare industry has become the number one target of cyberattacks. These attacks have exposed tens of millions of customers’ identities worldwide, costing an estimated $1 billion USD in losses.
According to the Ponemon Institute, “the highest data breach resolution costs are for healthcare data breaches, which typically cost an average of $408 per record. This is considerably higher than financial services data breaches in second place, which cost an average of $206 per record. The lowest costs were in the public sector, with costs of $75 per record.
It is estimated that only 33 percent of the industry has taken preventative measures to protect themselves properly. Healthcare organizations worldwide have been entrusted with billions of patients’ records and the expectation to protect their identities. It is imperative that these healthcare organizations have the best tools in order to secure it from all attacks and prevent future attacks. That is a tall order.
Three Things to consider in examining Healthcare Cyber Security
First: The growing trend of BYOD to work can create issues for everyone involved.
BYOD without policies and guidelines can wreak havoc for the company. For example, people often use their work email address for personal communications, and/or they don’t know how to disable certain device tracking settings, such as cookies, that track their every move. Unfortunately, the average employee doesn’t see it as an issue. It’s like leaving the backdoor open for people to send phishing emails. For the average employee, it’s difficult to know what’s real and fake.
Second: Sophisticated targeted phishing attacks
It’s estimated that 90 percent of all cyber attacks are successfully executed with information stolen from employees that unwittingly give away their system information and access credentials to hackers. In a recent survey, 95 percent of respondents underestimate how frequently phishing is at the start of attacks to successfully breach networks. While phishing attacks are often linked with emails, phishing attack vectors are expanding beyond email to other vectors including advertisements, search results, pop-ups and social media.
To try to prevent these emails from getting through, we need to constantly seek to improve the environment by adding traps that identify whether our users should trust the senders or not.
Third: A Continual Rise in Identity Theft
According to Experian’s Identity Theft Statistics for 2017, there were 158 million social security numbers and 16.5 million credit card numbers stolen. A staggering 27 percent of those thefts belonging to the healthcare industry. This number alone should cause us to seek solutions to protect our patients.
This creates the need for us to have a presence on the internet and for patients and employees to communicate with us in that world. At the same time, we need internal systems to prevent attackers from being able to monitor the activity within our networks. This is where our IT providers have to lead and protect all healthcare patients and employees.
Two Simple Steps to fighting this continual battle against cyberattacks:
One: Continuing Education
Implement a mandatory, continuing education program for your employees. This will help them understand how their personal actions on business devices, emails, can have a detrimental effect on your organization.
Two: Have the right battle plan (process) and weapons (tools) in place
Just as the hackers never sleep and their methods are constantly changing, so too should our battle plan. It should be an everchanging process, constantly being implemented, evaluated and retooled. Yes, this mandates that we make a significant investment in the tools we use to keep our infrastructure safe. The battle rages on but we must do our best to protect our organization, our employees and our patients.
Ron Prevatte is the Director of Sales and Business Development with Integrated Solutions.
You may not be getting all you can out of your browsing experience
and may be open to security risks!
Consider upgrading to the latest version of your browser or choose on below: