Just how bad is the security landscape in healthcare? In 2017, the Department of Health and Human Services Office for Civil Rights reported that 358 breaches of 500 or more records impacted more than 5 million individuals, according to HIMSS Analytics.
What’s more, a 2018 Ponemon report focusing on the financial impact of breaches notes that the per capita cost of a health breach is $408. That’s nearly double the per capita cost of a financial industry breach ($206).
Money aside, poor digital security practices and setups also represent a safety hazard to patients. Take a look at the National Health Service in the United Kingdom, which was battered by the WannaCry ransomware attack in May 2017; many organizations had to turn away patients in need, unable to access their systems.
Cybersecurity is such an issue in healthcare that the ECRI Institute labeled it the top health technology hazard for 2018.
In the midst of increased data collection and a growing threat landscape, healthcare organizations must prioritize cybersecurity.
Build a Foundation
As mobile device use grows, so do opportunities for hackers to wreak havoc in healthcare and other industries. According to the Pew Research Center, 95 percent of Americans now own a cellphone, with 77 percent of those owning a smartphone. That’s up from just 35 percent in 2011. More devices than ever before are supported by hospital networks.
Healthcare organizations, therefore, must be as proactive as possible when it comes to cyberthreats. Deployment of security solutions, including network access control tools and next-generation firewalls, is crucial to intrusion and malware prevention, and application and identity control. Strategies such as segmentation can assure that network access is limited to only those who truly need it.
At the same time, providers must ensure rudimentary security needs are met, including patch management and password protection. Training for the entire organization must also be a high priority, as security impacts all individual clinicians, staff and contractors. Implementation of advanced solutions without a solid security foundation in place is a waste of time and resources.
According to HIMSS Analytics, 60 percent of healthcare providers now call risk assessment the top driver for security investments, ahead of HIPAA compliance. While that shift represents the reality that digital security is an enterprisewide issue, organizations should still emphasize knowledge of federal health privacy regulations, as ignorance of the law is no excuse for a violation. In fact, failure to adequately prepare for digital threats could mean larger fines from the Office for Civil Rights in the event of a breach.
While spending more on security is no guarantee of success, nearly three-fourths of respondents to the HIMSS survey identified budget as the biggest barrier to security improvement; most healthcare organizations spend 6 percent or less of their total IT budget on security.
Cybersecurity will continue to grow as a problem for the healthcare industry. Providers must invest wisely so as not to put the health of their organizations and, more importantly, their patients at risk.
This blog post brought to you by: