Innovations for healthcare that ensure patient privacy, while transforming care delivery
Although technological developments have led to our current era of medical and scientific innovation, these very same solutions are subject to potentially crippling IT security vulnerabilities. These flaws, if exploited, can unleash devastating attacks that release countless volumes of sensitive and confidential information or even impede the organization’s ability to provide care to its patients.
According to a June report from the U.S. Department of Health and Human Services, the state of cybersecurity within healthcare organizations remains woefully inadequate. In 2015, for example, the healthcare industry fell victim to more malicious data breaches than any other field. In a survey by consulting firm KPMG, nearly half of healthcare providers—47%—said that their data had been compromised by a HIPAA violation or cyberattack.
Fortunately, there are a variety of solutions available to those healthcare organizations that are aware of and concerned about these dangers. Healthcare providers owe it to both their employees and their patients to understand the cybersecurity threats they face and to take clear and forceful steps to protect themselves.
The growing cybersecurity menace for healthcare
With new security holes and malware applications coming to light on a weekly basis, few things in life change as rapidly as the IT security threat landscape. For those organizations that don’t keep up, the repercussions can be drastic. The Ponemon Institute estimates that the average cost of a data breach for healthcare organizations is over $2.2 million, even without counting the damage to reputations and stock prices.
Two of the most serious—and the most persistent—threats faced by healthcare organizations today are ransomware and DDoS (Distributed Denial of Service) attacks.
Ransomware
Ransomware reached world news headlines for the first time in May when the WannaCry malware infected hundreds of thousands of machines, holding users’ files hostage until they paid a sizable fee to the attackers. It’s not hard to imagine, of course, how preventing the use of files and machines could have a devastating effect on healthcare organizations.
The threat of a ransomware attack in the healthcare industry doesn’t seem to be slowing down either. According to the Verizon 2017 Data Breach Investigations Report, 72% of malware attacks in 2016 were caused by ransomware. Hackers are aware of just how critical data is to a hospital’s operations. Therefore, many hospitals feel forced to pay to remediate disruptions.
DDoS attacks
Recent DDoS attacks, like the one in October 2016 that temporarily brought major tech companies and media outlets to their knees, have shown the effectiveness of denial of service strategies. DDoS attacks have gone from a mere annoyance to a serious threat to companies’ well being. Like protesters blocking the entrance to a business, DDoS attacks aim to prevent legitimate users from accessing a website or network by flooding it with malicious traffic.
As with ransomware, DDoS attacks are also a rising threat in healthcare. According to one study, DDoS attacks have increased 13% since 2016. DDoS attacks disrupt access both directly and indirectly when used by hackers as a decoy to gain traction into another network and execute another type of attack, such as ransomware.
Cybersecurity best practices for healthcare organizations
Although these malicious attackers are intelligent and creative, healthcare providers are by no means helpless against these intrusions. Some of the best practices for cybersecurity include the following:
- Patching early, patching often. Patching and updating your systems and software is one of the simplest yet most effective actions against cyber intrusions, but far too many organizations don’t have an up-to-date strategy in place.
- Recruiting the machines. Artificial intelligence and machine learning techniques are some of the most powerful tools in the box for cybersecurity. Besides identifying security events of potential concern, AI can be used for robotic process automation, handling low-level IT tasks and freeing up your domain experts for more useful activities.
- Winning over stakeholders. Far too often, companies perceive cybersecurity as an “IT problem” whose mitigation is entirely the domain of the IT department. To change this perception, key stakeholders across the organization need to understand how IT security risk affects business risk, how they can modernize outdated business processes, and how they can work to align IT and business objectives.
How technology can help
Healthcare organizations perform life-saving work, so they need more than stopgap solutions. Healthcare providers must establish a comprehensive strategy that properly addresses the challenges of the changing IT threat landscape.
At the same time, doctors, nurses, and other clinicians need access to information such as electronic medical records in order to deliver a high standard of care to their patients. These documents must be available from wherever these clinicians operate, provided in compliance with HIPAA regulations and safeguarded from potential attackers.
A proper security strategy implements technologies that enable organizations to maintain security, privacy, compliance, and safety while evolving their IT environment to increase clinician mobility and optimize patient outcomes. Our solutions for healthcare help customers transform the clinician and patient experience and accelerate organizational change, all while safeguarding electronic protected health information and other sensitive data.