Despite increased spending on IT, healthcare still lags behind other industries, particularly other regulated industries like finance or government. In Symantec’s newly released 2017 Internet Security Threat Report (ISTR) for Healthcare, analysts found that the industry accounted for the second-highest number of security incidents in the services sector in 2016.
Key findings from the report include:
- There will be more planned and targeted attacks, including more ransomware impacting healthcare through an increase in smaller incidents.
- There is a growing understanding that the risk is not just about patient data, but about patient care delivery, and potentially, even about patient health itself.
- The industry has started to recognize that merely being HIPAA compliant is not sufficient to fend off today’s sophisticated and targeted attacks. Security has to be recognized as an equal requirement to compliance rather than merely an extension of it.
The report points out that while security and compliance are related forces driving investment in security, they are not the same thing. From the report:
> Historically, some in the healthcare industry believed that if you were compliant, you were secure. Others felt that if they had good security, they’d be compliant. Clearly, as the industry has learned over the past several years, that is not the case. All too frequently, that has been a painful learning experience. Healthcare organizations need to think about how compliance and security are linked and then develop a new way to leverage each to support and enhance the other. Additionally, the increasing digital transformation of healthcare and interconnectivity across the organization and patient community has led to more awareness of the need for increased security investment.
>
> Ransomware, in an ironic turn, has done much to shift the focus from compliance to security and from IT to business. Healthcare organizations that have been impacted by ransomware, or even worse, shut down by a ransomware attack, learned that it was not IT operations that were shut down, but instead patient care, clinical operations, and billing because patient information was not available.
Join us for a special HIPAA Chat as we invite David Finn, Health IT Officer for Symantec, for a conversation on the findings of the report with our host David Harlow. We will leave time for Q&A. Additionally, a copy of the report will be sent to all registrants after the event.
Date – May 25
Time – 1 pm Eastern/10 am Pacific
Our host: David Harlow, JD MPH. David is a health care lawyer and consultant with a focus on digital health law and policy, starting with HIPAA and state law health care data privacy and security planning and compliance for covered entities and business associates, including health care providers, big data analytics shops and health app developers.