Posted on Mar 4, 2020
Just five years ago, the healthcare sector was the highest targeted industry by cyber criminals, according to an IBM Cyber Security Intelligence survey. More than 100 million healthcare records were compromised in 2015 alone from more than 8,000 devices throughout 100 different countries worldwide.
Today, 70 percent of healthcare organizations report their security as being breached, the highest reported by any other vertical in the U.S. Most of these breaches expose sensitive patient data, such as financial and demographical information, that may be leveraged for identity theft.
As terrifying as these statistics are, thy shouldn’t come as a surprise. Healthcare data is extremely desirable as it contains a wealth of personal information, including Social Security Numbers, addresses, credit card numbers, and birthdays.
Unfortunately, the healthcare industry has not protected its most important stakeholders (i.e. the patients) as well as other industries have. Hospitals, insurance companies, doctors’ networks, and other healthcare institutions must invest hefty efforts and capital to ensure their systems are adequately protected. Sadly, this is easier said than done, resulting in substantial ramification, including financial and human impacts.
Here are the top costs of poor cyber risk management in healthcare, as well as proactive steps hospitals can take in order to protect their assets and their patients.
The personal data hackers can obtain from breaching a healthcare institution can be utilized to open new credit cards, create government documents, and empty out bank accounts. Two other scenarios are even more damaging: using details that are specific to a terminal illness or lifelong disease and long-term identity theft. Cyber criminals can leverage sensitive healthcare information, such as sexually transmitted diseases or terminal illnesses, to coerce victims into doing what they want.
These cyber threats don’t just mean financial losses for the patients. They could mean the loss of a human life. Malware attacks can shutdown healthcare devices and equipment, including pacemakers, insulin pumps, and light scopes, and even add tumors to MRI scans.
The cyber threat to medical devices is very real, making patient safety a greater concern than HIPAA compliance. The culprit behind these cyber threats are obsolete legacy systems with hardcoded passwords that hackers can easily find by running a simple Google search. Tight budgets make it tough to replace this antiquated software, enabling cyber attacks to hinder the ability to provide adequate care for numerous patients.
Last year, data breaches cost the healthcare industry $4 billion, with organizations paying out $423 per each breached patient record. This number doesn’t even factor in the costs tied to potential HIPAA fines and productivity loss.
While the aforementioned facts are troubling, the good news is that healthcare institutions can be proactive against cyber attacks by using some best practices, including:
SecurityScorecard enables hospitals and other healthcare institutions to glean valuable insight into their security positioning across the entire ecosystem of vendors and partners. Additionally, we help to track, discover, and report on the healthcare organization’s cyber health IT infrastructure to vastly reduce potential susceptibilities before cyber criminals can exploit them. SecurityScorecard is a valuable asset to healthcare organizations that need to prevent cyber attacks.
In today’s cyber world, it is imperative that the healthcare industry protects its assets and its patients. It’s not just finances that are at stake. It is also human lives.
Check out our list of 3 top third party risk management (TPRM) challenges, and the actions you can take to bolster your program. Learn more.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You’ve invested in cybersecurity, but are you tracking your efforts? Check out our list of 9 cybersecurity KPIs you should track. Read more.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.