Healthcare Cybersecurity: Plans Must Be Enacted
Ask anyone what they fear being compromised in a cybersecurity breach, and you’ll hear a pattern in their responses: Social Security numbers, credit card and banking information, personal photos. But healthcare information? A compromise of confidential information related to your health might reveal something embarrassing, or even concerning to your loved ones…but can it really damage your life?
Just ask patients of Clay County Hospital. Last year, administrators of the small Illinois hospital received an email from a hacker who had hacked into their system, gained access to more than 12,000 patient records, and was now holding those records for ransom.
This was hardly an isolated incident. The average person outside the health industry might be surprised to hear that healthcare organizations average one cyber attack per month. At least one in nine Americans have had their health records compromised in some way.
Nor was it simply due to a small rural hospital’s not having the resources to protect their online database. Earlier that same year, health insurance giant Anthem was the victim of a similar cyber attack.
Technological Improvements Require Higher Security
The growing trend for healthcare to move to a more efficient and integrated electronic record-keeping system has its downside: these health records are increasingly vulnerable to digital theft.
Cybercriminals want these records for the vast amount of personal information they contain. Consider all the data your healthcare provider takes from you before you ever see a doctor: your insurance information, your payment details, your address. Everything a thief needs to obtain bank loans, commit tax fraud, or send fake bills to insurance providers is contained within your medical records.
Much of the new information regarding cyber attacks on hospitals and the extent of their readiness comes from the results of Ponemon Institute’s recent study “The State of Cybersecurity in Healthcare Organizations in 2016 study.” The study finds the most common security incidents involve exploiting existing software vulnerabilities and web-borne malware attacks.
“With cyber attacks against healthcare organizations growing increasingly frequent and complex,” the Ponemon study states, “there is more pressure to refine cybersecurity strategies.”
Ensuring Patient Safety
It falls to the hospital’s health information management director to implement strategies that ensure the safety of patient medical records and guard against the financial and reputational damage that befalls a hospital whose cybersecurity is compromised.
With a mere 33 percent of respondents rating their organizations’ cybersecurity measures as “very effective,” healthcare companies are urged by this study and other industry experts to invest much more than the current 12% average of their IT budget into hiring personnel and implementing technology that protects their patients.
Sources linked to in article:
Sources referenced in article:
http://www.healthcare-informatics.com/news-item/healthcare-organizations-need-refine-cybersecurity-strategies-develop-incident-response http://kernelmag.dailydot.com/issue-sections/features-issue-sections/12688/identity-theft-medical-records-healthcare/#sthash.FlaW3A6K.dpuf http://business.eset.com/cybersecurity-healthcare-survey/