Over the last year it seems like organizations throughout healthcare have been disproportionately targeted with cyberattacks. The healthcare industry has been the number one target of attacks for several years now—with over a billion dollars in losses from such attacks.
To put things into perspective, a healthcare breach costs up to $400 per patient. Even a relatively minor breach of data could end up costing your organization much more than your investment in sound security practices.
33 percent of healthcare organizations take effective measures to protect their data. Nearly two-thirds are under-protected (i.e., not investing in the right type of security).
The lack of cybersecurity in healthcare is a major reason why healthcare organizations are getting attacked at higher rates than most other organizations. (Another big issue is that healthcare organizations have sensitive data that can actually be sold for big money on the Dark Web—parts of the web where criminals lurk.)
What many healthcare organizations have learned in hindsight is how critical it is to not only have infrastructure, policies and procedures in place to keep your data safe, but also to ensure you are able to minimize impact from an attack if your network gets breached.
How have some healthcare organizations successfully protected their sensitive information?
Identify what they need—organizations that take their cybersecurity seriously take proactive measures to identify both internal and external gaps in security to ensure their data is secure and their security solutions are tailored to their unique needs. Understanding where your sensitive information—mainly Protected Health Information—is stored on your systems and where it moves to and from your office ensures that you will be able to identify all risks associated with your network’s security of that data day-in and day-out.
Protect their users—endpoints (that is, the computers that anyone on your staff uses regularly) remain the hardest component of security for most healthcare organizations. One of the easiest ways hackers penetrate networks is through computers that are not well-protected. Your IT Support probably isn’t able to detect malicious activity because they have no way of tracing it. Your users don’t understand what they shouldn’t do online, or have no measures in place to prevent them from doing it. Making sure your users and their technology are secure is probably the most impactful way you can keep your organization safe.
Protect against phishing attacks—phishing attacks are up by nearly 85% this year (and year-over-year since 2011). Those phishing attacks are getting more targeted, more believable and more devastating. Rather than simply asking for money wired to an account, phishing attacks are getting so specific that people in your office often might not even question malicious requests.
Make sure your team protects their identities—identity theft has also grown in the last couple of years. Staff identities are one area that many healthcare organizations overlook when thinking about network security. The biggest problem with identity theft and healthcare security is that many healthcare workers have gotten in the habit of using the same password credentials for work and social media accounts. With frequent cyberattacks on Facebook, LinkedIn and other social media accounts, your office’s network may be at risk—that is, if your team members reuse passwords over and over again or never change out old passwords.
Educate their users—many organizations that are on top of their security implement mandatory education policies: a continuous education program that gets employees to understand how their personal actions on business devices, emails, etc., may put them and you at risk. By creating a dialogue and awareness program rather than simply checking a box on your HIPAA risk assessment, you are helping to ensure that everyone is on the same page on securing your office.
Continuously evolve their security strategy—while education and user awareness are one big key to the security puzzle, hackers and cybercriminals are always devising new ways to penetrate your network. Today it might be brute-force password discovery; tomorrow or next week it might be something entirely different and unexpected. By spending time figuring out how you should be confronting threats, learning about those threats and creating security strategies to address current and future threats, your organization will keep hackers from targeting you.
Get the right tools in place—many organizations say that it’s simply too expensive to invest in cybersecurity. My answer to them is that if you had the right tools in place, you’d probably save money on how you operate your IT infrastructure and secure your network. I strongly believe that having the right tools in place reduces waste and complexity in your network environment. Security should not make life harder, more complex, or more expensive. On the contrary, the more complex your network and processes are, the more susceptible you are to an attack (because you overlooked something critical).
Is your organization safe from cyberattacks? Cybersecurity experts recommend checking with a network security assessment.