Greatest Cybersecurity Threats to Healthcare

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author

20/20 Vision in 2020
What lies ahead for the healthcare industry in 2020? Like patient health, we can’t predict the future accurately, but we know that preventative care can go a long way when we know the risk factors.

If you’re in the business of patient care, whether that is through treatment or within a business associate partnership, your responsibilities extend beyond prescriptions and record keeping. As a business, you too need to take preventative care in maintaining the health of your business.

CyberMDX did a comprehensive report that identifies the issues affecting the healthcare industry. They reviewed data from 2019, including the 40 million medical records that were affected by a breach, looked at information from hundreds of facilities and over a million data points, then combined it with industry and cybersecurity expertise to deliver some information that all healthcare providers and business associates need to be aware of.

What Can You Do?
We recommend reading the report in detail, but for a quick overview, here is a summary of some important points.

  • Are you a US-based mid-sized business? Hackers are finding success when targeting your profile. Especially when you’re not located in one of the nation’s largest population areas.
  • Healthcare data is valuable. With a price tag that can go up to $1000 per record, medical information and the data that surrounds research is worth the time for cybercriminals. Not sure how that compares? Your coveted social security number is only worth about $1 – but a lot of those can add up if acquired! Think your credit card is the real steal? Nope, coming in at just $110, it pales in comparison to the medical record.
  • It’s not just your laptops, logins, and networks that you need to be cognizant of. Medical devices are five times (yes, FIVE) more likely to be vulnerable to security vulnerabilities named “URGENT/11” compared to standard network equipment and devices. These 11 vulnerabilities can allow anyone to remotely access and take control of those medical devices. This alone should stop us all in our tracks. With 80% of device makers reporting that medical devices are difficult to secure, the pressure needs to be also on them to meet standards.
  • 71% of Health Delivery Organizations admit that they lack a comprehensive security program. Do not be part of that statistic. Work with a certified IT department, hire a cybersecurity expert, and ensure that you are prepared with cyber insurance for WHEN it happens. Don’t know if you have it? ASK.

The healthcare industry is the most targeted industry in cybercrime. That statistic hasn’t changed, and the attacks continue to rise rapidly. You must ask the questions today that you don’t understand so that you are not asking them in the middle of a breach. Prepare today for what will inevitably happen tomorrow.

This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.

HIPAA Secure Now! now offers PHIshMD training for CEs and BAs to help protect your organization from security threats.

Technology safeguards put a virtual wall around your network, but what happens when the bad actors climb over that wall? It’s up to your employees. Over 90% of breaches get caused by human error according to Kaspersky Lab, and if you’re not educating users HOW to protect your organization in this ever-changing threat landscape, your organization could be next. LEARN MORE