Healthcare providers and organizations are becoming a major target for cybercriminals who tap into poor security controls and vulnerable clinical networks to gain access to medical databases and devices. Within the first two months of last year, more than 20 healthcare providers had already had databases breached, exposing patient data for over a thousand patients in every case.
That’s up 60% from the same period the year prior, 2017, and because many attacks go unreported, the actual number of breaches is significantly higher. Only 53% of public sector and healthcare security decision makers report attacks on their networks.
1. Cyber attacks on healthcare providers have gone viral
The Anthem Health Insurance breach is one of the largest cyberattacks ever recorded in healthcare. The breach exposed personal patient information—including names, home addresses, Social Security numbers and birthdates of more than 78 million former and current members and Anthem employees. Premera Blue Cross and Excellus BlueCross Blue Shield went through major attacks exposing information of more than 21 million patients.
And the cost and risk connected with these cybercrimes are significant. A breach that exposes data can put confidential health information of millions at risk, hinder the provision of quality care to patients and create a painful financial burden for the healthcare organization.
2. Healthcare data is ridiculously valuable
So, what’s fueling all the cyberattacks in the healthcare industry? One reason is the high value of stolen data. Unlike financial data, which has a short shelf life after being stolen, medical data never expires.
That makes health care data more appealing to cybercriminals than personal or financial data, and it sells for a high price on the black market. A “Health Warning” report by McAfee Labs shows that cybercriminals are focusing more time and resources on exploiting and monetizing patient data.
So, it’s no surprise that securing healthcare data has become a key priority for CISOs and CIOs in healthcare. Even though the scale and looming consequences of stolen health data are painfully obvious, the healthcare industry is largely underprepared to respond to the current levels of cybercrime.
Security experts are working on different measures to protect patient data. Most of them advise their healthcare clients to invest in in-depth perimeter security defenses to help protect their organization’s network; however, they may overlook one of the most critical factors in healthcare cybersecurity: the human element.
Healthcare providers are focused on patient experience and the quality of care, so “information security training” doesn’t always rank high on their priority list. Of the health care IT department respondents to the 2017 Forrester Global Business Technographics Workforce Recontact Survey, only 30% responded that they received training on protecting workplace data, and only 38% were aware of their company’s data security policies.
3. More IT Security training is mandated
While most healthcare providers have security policies, not enough attention is paid to them. That means employees are more vulnerable to phishing emails, clicking on suspicious links, or downloading malware disguised as harmless apps or extensions.
Patient data can be protected from these common threats by designing, implementing and reinforcing proper data security training. Aggressively protecting patient data involves the creation of an ongoing security training program.
A high-level risk assessment must be performed measuring the effects of device malfunctions, system outages, stolen data and manipulated data. After the risk assessment is completed, a list of desired behaviors and guidelines regarding data and overall IT security should be developed.
The program should be targeted towards employees whose functions, actions and inactions are critical to data security. Security messages that aren’t role-relevant may never be read.
New forward-thinking techniques for protecting healthcare data are needed:
- Building a thorough disaster recovery strategy
- Hiring trained IT personnel and cybersecurity experts to review IT systems, architecture and networks
- Using machine learning (ML) and intent networking to preemptively discover and mitigate threats
Due to the constantly evolving nature of the cyberthreat landscape and its current focus on medical data, cybersecurity must become a top priority for health care organizations. There is a growing need for healthcare organizations to implement data security best practices and improve cybersecurity strategies to secure patient data while delivering quality healthcare.
Up Your Patient Data Protection
Ready to get started? Our experts at MicroAge can help you build out your security strategy and prepare you against disasters and attacks. Email firstname.lastname@example.org to schedule a meeting with one of our account executives.