EZDI Blog

Why Security For The Healthcare Industry is Imperative

With the healthcare industry growing at a rapid pace and a major shift taking place towards value, security has invariably become a major concern, especially after the recent, massive malware attack that tore through more than 150 countries and affected millions, including the top transcription vendor of the U.S. healthcare industry.

According to the June 2017 report by IBM and Ponemon[1], a healthcare data breach in the U.S. costs $225 per record, the highest across all industries. In 2017, the U.S. healthcare industry also leads all industries in the number of records compromised (57% of total records), according to a study from the Identity Theft Resource Center[2]. The healthcare industry is also inadequately prepared to defend itself against smart cyber attacks, according to Tenable Network Security’s 2017 cybersecurity report, which gives it a score of 54% on the risk assessment meter[3].

All this points to significant vulnerabilities at the intersection of technology and medicine. Today, hackers see the healthcare industry as low-hanging fruit and an easy target, despite healthcare organizations spending billions of dollars on cybersecurity.

The sheer frequency of these attacks, along with the evolution of more complex attacks and the lack of sufficient security protection, means a hospital’s C-suite cannot afford to be complacent about managing cybersecurity. They need to defend against these cyber attacks by identifying and prioritizing the security of their organization’s most valuable data and assets.

So what is a Cyber Ransomware Attack?

Typically, ransomware is malicious software that affects your system in ways such as:

  1. The files on your systems are encrypted, that is, converted into a form for which only the attacker holds the key.
  2. It locks you out of your entire system and demands a ransom to give you back access.

Impact of these Cyber-attacks

Cyberattacks cause serious complications such as blocked access to patient records, operations cancelled or rescheduled for several days, and delayed treatment and patient care, which could result in deaths, lawsuits and negative cash flow for hospitals. This cripples the hospital’s ability to move forward, and patients and the quality of care suffer.

Cyber attackers have also recently become more sophisticated and dangerous. They are capable of operating undetected for an extended period of time, intensifying the damage to both the bottom line and the reputation of the hospital.

Adding to the agony are breaches of regulatory compliance, which have serious adverse consequences. For example, HIPAA’s monetary penalties could range from $100 to $50,000 per violation (with an annual maximum fine per violation of $1.5 million), with aggregate penalties trending higher in recent years.

A study issued by IT consultant CGI and Oxford Economics on 65 companies affected by cyber security breaches since 2013 concluded that such events, those having legal or regulatory consequences and which impact an organization’s brand, caused share prices to fall on average 1.8 percent on a permanent basis (i.e. on average, victims were worse off by a humongous US$156 million).

As per findings by the 2017 Cybersecurity Business Report[4], global ransomware damage costs are predicted to exceed $5 billion in 2017. That’s up from $325 million in 2015, a 15X increase in two years, and it is expected to worsen. Meanwhile, ransomware attacks on healthcare organizations, considered the No. 1 cyber-attacked industry, will quadruple by 2020, and that is a major concern.

Guidelines for A Cyber Security Plan

As noted, cyber attacks are potentially one of the biggest threats faced by healthcare organizations today. The long-term ramifications of such attacks should be the concern of all departments within the hospital, including the C-level, so that the hospital’s data, its assets and its patients’ interests are safe.

Every hospital’s CFO has a bird’s-eye view of the hospital’s entire threat landscape and should allocate funds and resources to the areas most susceptible to an attack. The CFO is thus central to an organization’s cyber defense strategy.

Here are the key points to prioritize and follow:

  • Develop a Cyber Security Mindset Throughout the Organization: Set up procedures and processes that create continuous education, awareness and training across the organization, because it takes only one unaware employee opening an attachment with a malicious virus to pull down the entire system. The initiative for combating such attacks must start with the board, the CEO and the CFO. They must make sure all employees are not only aware of their role but also follow processes to combat cyber attacks successfully.
  • Identify, Prioritize and Safeguard Crucial Data: Identify the data that is important, absolutely necessary and cannot be compromised. This will help you allocate funds appropriately and put better protective mechanisms around it.
  • Adopt a Risk-Based Cyber Security Framework: These frameworks help hospitals better identify, prioritize, mitigate and communicate risks internally and externally. This in turn helps design, monitor and measure goals towards improved cyber security programs. Frequently implemented frameworks are ISO 27001 and the framework from the US National Institute of Standards and Technology (NIST).
  • Harness the Dynamism of Cloud-Based Cyber Security: Cloud-based software provides advanced technologies for data security, network protection and identity and access management. It includes a range of services such as advanced authentication, penetration and vulnerability testing, real-time threat monitoring, threat intelligence, network behavior analysis and security alert analysis. This leads to top-notch security, virtually zero downtime, faster data recovery mechanisms, easy scalability of applications and 100% availability of data.
  • Cyber Security Insurance: Cyber adversaries will keep finding sophisticated ways to circumvent security safeguards. Hence, to mitigate the financial impact, buy healthcare insurance that covers denial of service attacks, data destruction, fraud and extortion. Other key areas of coverage include crisis management, data restoration and business interruption.

Security Checklist – A Must

  • Evaluate Incident Detection & Monitoring Mechanisms: Keep a list of contact information for key players at your network and internet service providers. Have a holistic network map that can help you conduct what-if analysis and can serve as a visual tool when you diagnose a threat.
  • Review Your Data Breach Response Plan: Keep your primary focus on what you would do in the event of a crucial data breach. Leverage your network security partners to compose a threat-based series of responses that reflect current industry best practices.
  • Collect and Analyze Security Risk Reports on a Periodic Basis: Based on specific risk indicators, the detailed reports should cover privacy and security risks, vulnerable spots and the steps needed to mitigate them.
  • Evaluate Current Technology: Make sure your systems are updated and upgraded on a regular basis and are monitored in real time. Avoid dependence on legacy data centers that are prone to security loopholes, as well as corruption, outages and failures.
  • Monitor Your Software Vendor’s Capabilities: Network with your CIO and CISO to evaluate, validate and mitigate security concerns after understanding vendor data, encryption methods, disaster recovery procedures and third-party accreditations, along with the security checks for anyone who has access to data.

Sources:

Hardik Kevadiya


Hardik Kevadiya is a Senior Manager, Business Development and Marketing at EZDI, Inc. - an AGS Health Company. Hardik is passionate about Healthcare Information Technology and Innovations - Innovations that enhance human lives. He is also a healthcare trend and news follower, and his passion for helping Healthcare IT professionals in all aspects of online trends and research flows through in the expert industry coverage he provides. In addition to writing for EZDI, Hardik also mentors a team of Data Analysts and Marketing professionals.
