
Introduction to Cybersecurity: What You Should Know


Healthcare is the #1 targeted industry for cyber-attacks, according to the 2016 IBM X-Force Cyber Security Intelligence Index. In the last 18 months, healthcare has experienced a sharp increase in cyber-attacks: hacking, phishing, ransomware and other malicious software. Experts anticipate that cyber-attacks will continue to specifically target the healthcare industry, which holds vast amounts of valuable data.

Studies have shown that healthcare organizations frequently lack a strong security infrastructure that addresses people, process, and technology. According to the Internet Crime Complaint Center (IC3), cybercrime cost US-based businesses more than $1.07 billion in 2015. Whether you operate a small healthcare business with just a few employees or a large organization, you should familiarize yourself with the threat and take proactive steps against a cyber-attack.

What is Cybersecurity?


In the most basic sense, cybersecurity refers to practices, policies, and technologies that are designed to protect computers, servers, networks and connected devices from unauthorized access, while also mitigating the risk of damage in the event of an intrusion. Cybersecurity includes both physical and digital preventive measures. Locked doors and video surveillance systems, for instance, are physical forms of cybersecurity, while antivirus software, network monitoring services, and data encryption are digital forms.

How Cybercrime Affects Healthcare


Hospital employees are prime targets! One computer user clicking on one link within an email or while visiting a website can lead to a catastrophic compromise of a hospital’s data or infrastructure. In late 2014, patient safety organization ECRI Institute called the cybersecurity threat a patient safety issue.

According to the Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data (Ponemon Institute, May 2016), 89% of healthcare organizations have experienced a data breach involving a loss or theft of patient data, costing the industry $6.2 billion. Each incident averages $2.2 million. The study also found that the average cost per compromised patient record was $158, up from $154 in 2015.

Aside from the direct monetary cost, cybercrime also has indirect effects on your healthcare business, such as lowering the trust and confidence of your patients. If a patient discovers that his or her personal information was compromised by your organization, that patient may view you as untrustworthy. Even if you weren't responsible for the data breach, patients, providers, and business associates may think twice before doing business with you in the future.


Cyber Security Best Practices


Decisions that affect patient safety, value-based care, and market share require careful consideration to protect your most valuable asset: information. Realize that there is no such thing as 100% security, and that an iron-clad cyber defense program is beyond most organizations’ capabilities. However, there are reasonable practices that all organizations can implement to minimize the impact of cybercrime and safeguard themselves against it, such as:

  • Focus on your people; provide education and awareness on phishing and ransomware to mitigate the risk of cyber intrusion. Social engineering is the #1 detrimental security factor for healthcare organizations according to the 2016 Annual Healthcare Industry Cybersecurity Report, Security Scorecard, October 2016
  • Conduct a risk analysis and cybersecurity assessment to assess your current safeguards and controls for preventing/defending against phishing and ransomware
  • Have a cyber incident response and business continuity plan in place, and conduct regular tabletop exercises
  • Implement technical and procedural preventive measures such as email and web gateways and intrusion detection solutions
  • Keep all operating systems, software and programs updated to the most recent version and current patches
  • Vet your business partners to attain reasonable assurance of their HIPAA compliance
  • Document your cybersecurity policies and practices
  • Secure mobile devices, which can pose a cybersecurity threat to your entire network
  • Create strong passwords; practice what is in your policy
  • Give each employee a unique identifier to access your business's computers and network
  • Create backups of your data on a regular basis; store those backups outside of your regular server and network

This article was brought to you by tw-Security - Dedicated to helping healthcare organizations protect their information resources by creating and managing information security programs. For more information security news, updates, and more on our services, please visit our website.

Jun 23, 2017
