By Art Gross, President and CEO, HIPAA Secure Now!
Twitter:Â @HIPAASecureNow
Cybercriminals have been targeting the healthcare industry for years. As healthcare has become the second largest sector of the U.S. economy, it should come as no surprise that the industry receives special attention from hackers. Aside from its size, what else accounts for the indisputable interest cybercriminals have in exploiting healthcare?
Hackers Set Sights on Healthcare
FortiGuard Labs reported that in 2017, healthcare saw nearly 32,000 intrusion attacks per day per organization, over twice that of other industries who saw on average 14,300 attacks per organization per day.
Healthcare data is abundant in volume and value. Cybercriminals know that the risk is worth the reward when it comes to financial gain associated with compromised health records. Stolen patient data brings in the big bucks on the Dark Web, where cybercriminals can buy and sell records to use for various crimes, including identity theft.
Despite the healthcare industry being targeted relentlessly, it seems that cybersecurity spending remains a low priority for many organizations. Many providers have tight budgets and struggle to allocate funds for IT spending, and when they do, those funds may go solely towards endpoint security. While traditionally devoting IT resources only to endpoint security may have been enough, in the modern era of mobile and Internet of Things (IoT) devices, resources should also be dedicated to other areas concerning cybersecurity. If employees are not well trained in security awareness and are unfamiliar with how to spot malicious attempts by cybercriminals, endpoint security, such as a firewall will not protect an organization.
What’s the Big Deal?
According to Peter Carlisle, EMEA at Thales eSecurity, a cloud, and data security company, healthcare breaches can cause a lot more damage than compromising your identity, in fact, it could be the difference between life and death.
Carlisle also explains how a data breach could result in a patient getting incorrect medication or cause a patient to not receive treatment for a life-threatening condition.
In addition, the increasing number of IoT devices in healthcare put lives at risk, as these devices bring concerns regarding data security and management. IoT devices are being used to power various resources, such as pacemakers, glucose monitoring for diabetic patients, and coagulation self-testing to name a few.
Weak data security measures and the management of such devices could also lead to life-threatening consequences for patients.
What Can You Do?
Ensure that your organization is making cybersecurity a priority. While budgets may not allow for you to implement all the security measures you wish you could, do not undervalue the importance of training your employees on security awareness. By educating your employees on cybersecurity best practices and how to spot malicious attempts by cybercriminals, employees can act as the first line of defense in protecting your organization.
This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.