Just five years ago, the healthcare sector was the highest targeted industry by cyber criminals, according to an IBM Cyber Security Intelligence survey. More than 100 million healthcare records were compromised in 2015 alone from more than 8,000 devices throughout 100 different countries worldwide.
Today, 70 percent of healthcare organizations report their security as being breached, the highest reported by any other vertical in the U.S. Most of these breaches expose sensitive patient data, such as financial and demographical information, that may be leveraged for identity theft.
As terrifying as these statistics are, thy shouldn’t come as a surprise. Healthcare data is extremely desirable as it contains a wealth of personal information, including Social Security Numbers, addresses, credit card numbers, and birthdays.
Unfortunately, the healthcare industry has not protected its most important stakeholders (i.e. the patients) as well as other industries have. Hospitals, insurance companies, doctors’ networks, and other healthcare institutions must invest hefty efforts and capital to ensure their systems are adequately protected. Sadly, this is easier said than done, resulting in substantial ramification, including financial and human impacts.
Here are the top costs of poor cyber risk management in healthcare, as well as proactive steps hospitals can take in order to protect their assets and their patients.
The personal data hackers can obtain from breaching a healthcare institution can be utilized to open new credit cards, create government documents, and empty out bank accounts. Two other scenarios are even more damaging: using details that are specific to a terminal illness or lifelong disease and long-term identity theft. Cyber criminals can leverage sensitive healthcare information, such as sexually transmitted diseases or terminal illnesses, to coerce victims into doing what they want.
These cyber threats don’t just mean financial losses for the patients. They could mean the loss of a human life. Malware attacks can shutdown healthcare devices and equipment, including pacemakers, insulin pumps, and light scopes, and even add tumors to MRI scans.
The cyber threat to medical devices is very real, making patient safety a greater concern than HIPAA compliance. The culprit behind these cyber threats are obsolete legacy systems with hardcoded passwords that hackers can easily find by running a simple Google search. Tight budgets make it tough to replace this antiquated software, enabling cyber attacks to hinder the ability to provide adequate care for numerous patients.
Last year, data breaches cost the healthcare industry $4 billion, with organizations paying out $423 per each breached patient record. This number doesn’t even factor in the costs tied to potential HIPAA fines and productivity loss.
How healthcare can prevent cyber attacks
While the aforementioned facts are troubling, the good news is that healthcare institutions can be proactive against cyber attacks by using some best practices, including:
- Monthly IT system assessments: Hospitals can review their security policies to uncover any vulnerabilities before an attach happens.
- Educate employees: Healthcare organizations must thoroughly educate their current and future employees on all HIPAA rules and regulations that include patient privacy Additionally, they should establish a culture of security and remind employees to be on the lookout for unattended medical devices and/or paper documents.
- Establish a sound legal counsel: Hospitals should have a legal team in place in the event a breach does occur to deal with the investigation, patient lawsuits, and civil rights and HIPAA fines.
- Be wary of the internet of medical things (IoMT): Connected devices, including GPS trackers, can boost potential attacks. Healthcare institutions need to keep close tabs on any IoMT devices that enter onto the premises.
- Plan for the unexpected: Healthcare organizations should always routinely back up their patient files for simple and quick data restoration and should store them off of their main system.
- Invest in an information security system: Hospitals should invest in a cyber security system that allows them to posture themselves above attacks.
How SecurityScorecard can help
SecurityScorecard enables hospitals and other healthcare institutions to glean valuable insight into their security positioning across the entire ecosystem of vendors and partners. Additionally, we help to track, discover, and report on the healthcare organization’s cyber health IT infrastructure to vastly reduce potential susceptibilities before cyber criminals can exploit them. SecurityScorecard is a valuable asset to healthcare organizations that need to prevent cyber attacks.
In today’s cyber world, it is imperative that the healthcare industry protects its assets and its patients. It’s not just finances that are at stake. It is also human lives.