The health care industry is one of the biggest targets for cybersecurity attacks. In 2018 alone, nearly 300 data breaches affected 11.5 million patients, according to a Bitglass report. Cybercriminals see health care organizations as the perfect victim due to the amount of personal health data hospitals and large health care organizations manage.
Hospitals and health care organizations are required to report breaches affecting 500 or more individuals to federal authorities and within 60 days of the breach. The negative press alone, not to mention the financial impact, could be damaging to an organization that suffers a data breach. So, and where do these threats come from and how can these type of incidents be avoided?
Where Do Cybersecurity Threats Come From?
Cybercriminals have many methods for penetrating a network, but a common strategy they use in the health care industry is phishing emails. It’s important to not only be able to identify incoming threats, but also know what happens next if an unauthorized party does access a network.
Phishing attacks are a leading cause of breaches in the health care industry, and something that can be avoided internally. Phishing emails come in a variety of types, but all have the same motive of fooling the recipient into taking an action so the cybercriminal can gain access to the organization’s network or obtain sensitive info. Through phishing, cybercriminals gain access to the network through a legitimate-looking email opened by an employee, who then might innocently open an attachment or provide key information such as a username, password or account number. Educating staff on how to identify and react to a phishing email is vital in ensuring cybercriminals are prevented from entering the network.
Once a cybercriminal enters the network, ransomware can be deployed locking the facility’s information systems, demanding a ransom be paid to unlock it. Patient and other records may or may not be stolen during these attacks. Whether or not an entity is able to remediate the breach without paying the ransom, dealing with these attacks is costly. In addition to the frustrations and costs incurred by a typical business, ransomware deployment in a medical facility may disrupt patient care, possibly with life-threatening implications.
Protecting Against Data Breaches
Aside from outdated software and systems, one of the biggest threats to a health care organization’s security is its own employees. Because of this, it’s critical that employees are regularly trained on their role in maintaining security and how to recognize and process illegitimate emails.
To protect yourself and your organization from this industry epidemic, there are actions you must take:
- Reevaluate security policies and procedures to mitigate data breaches,
- Review, test, evaluate and modify any incident response and data breach plans, and
- Conduct regular training and education for employees.
The cybersecurity advisors at Anders can help you implement the best cybersecurity practices to protect you and your organization. Learn more about Anders Technology Services or contact an Anders advisor to see how we can help you mitigate security risk and defend against a costly cyberattack.All Insights