By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author
We have had quite a year so far in 2020, and if you are in healthcare, you were hit especially hard with something that you likely didn’t adequately prepare to deal with. However, according to a recent report from Black Book Market Research LLC, the healthcare industry has no idea what could hit them in 2021. But with this particular threat, you can prepare.
What Might Happen?
We are hesitant to even say “might happen” because the odds are very likely that it will. What is this mystery threat?
A cyberattack.
We can hear the collective eye roll now… “oh, THAT…well, that isn’t news to me.” Perhaps not, but what IS newsworthy is that of the 2,464 security professionals that were surveyed for this report, 73% feel that their infrastructures are unprepared to respond to a cyberattack.
How. Is. This. Happening.
With 96% of those IT professionals surveyed confirming that they feel as if hackers are just moving too fast for them to keep up, it isn’t surprising. Humans have a tendency to just give up and let the fates have their way when they feel overpowered. Not many of us want to be David facing Goliath when it comes to facing the dark underworld of cybercrime. But if you could even reduce the risk of attack with a few modifications, shouldn’t you? With healthcare breaches, you’re not only putting the business that you work for at-risk of survival, but you’re also putting the patients that you serve at a disadvantage for identity theft and exposure of private health information. In a time when job security is ever important, you would think that at the very least, it would be critical to protecting your state of employment.
There are many factors that contribute to the insecurity of healthcare professionals facing a cyberattack. The Black Book Market Research report found that while the amount of money that is being spent on cybersecurity increases each year, it is often done IN RESPONSE to an attack, not in preventative measures. There is a lack of talent available to fill the demand for roles within the cybersecurity profession, with these jobs often taking 70% longer to fill than other jobs within the IT industry.
The lack of talent coupled with the onslaught of COVID-19 did not make the situation any better. There was the obvious opportunity for scams to occur with uncertainty about treatments and information. And the demand for products with masks, vitamins, and toilet paper also created an entry point for hackers to take advantage of consumers. But one of the largest issues came with the increase in remote workers. Suddenly we were all faced with creating home offices using equipment and software that were not up to the job or weren’t secure at all. With 90% of healthcare and hospital employees indicating that they did not receive any guidelines on how to do this safely, cybercriminals were just waiting to pounce. Was there any training on how to access these electronic files in a secure manner? Probably not.
There is good news. You can prepare. Starting today is better than waiting until tomorrow. Take time now to identify your risk factors, close the gaps with exposed risk factors, and make a plan on how you will react if and when a breach occurs. Create ongoing training programs that become as second nature as getting your CPR certification within the health field.
The opportunity to prepare is a gift, do not squander it and find yourself scrambling for a job or to save your business in the future.
This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.
HIPAA Secure Now! now offers PHIshMD training for CEs and BAs to help protect your organization from security threats.
Technology safeguards put a virtual wall around your network, but what happens when the bad actors climb over that wall? It’s up to your employees. Over 90% of breaches get caused by human error according to Kaspersky Lab, and if you’re not educating users HOW to protect your organization in this ever-changing threat landscape, your organization could be next. LEARN MORE