Healthcare is the #1 targeted industry for cyber-attacks, according to the 2016 IBM X-Force Cyber Security Intelligence Index. In the last 18 months, healthcare has experienced a sharp increase in cyber-attacks: hacking, phishing, ransomware and other malicious software. Experts anticipate that cyber-attacks will continue to specifically target the healthcare industry, which has vast amounts of valuable data.
Studies have shown that healthcare organizations frequently lack a strong security infrastructure that addresses people, process, and technology. According to the Internet Crime Complaint Center (IC3), cybercrime cost US-based businesses more than $1.07 billion in 2015. Whether you operate a small healthcare business with just a few employees or a large organization, you should familiarize yourself with the threat and take proactive steps against a cyber-attack.
In the most basic sense, cybersecurity refers to practices, policies, and technologies that are designed to protect computers, servers, networks and connected devices from unauthorized access, while also mitigating the risk of damage in the event of an intrusion. Cybersecurity includes both physical and digital preventive measures. Locked doors and video surveillance systems, for instance, are physical forms of cybersecurity, while antivirus software, network monitoring services, and data encryption are forms of digital cybersecurity.
Hospital employees are prime targets! One computer user clicking on one link within an email or while visiting a website can lead to a catastrophic compromise of a hospital’s data or infrastructure. In late 2014, patient safety organization ECRI Institute called the cybersecurity threat a patient safety issue.
According to the Ponemon Institute's Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data (May 2016), 89% of healthcare organizations have experienced a data breach involving a loss or theft of patient data, costing the industry $6.2 billion. Each incident averages $2.2 million. The study also found that the average cost per compromised patient record was $158, up from $154 in 2015.
Aside from the direct monetary cost, cybercrime also has indirect effects on your healthcare business, such as lowering the trust and confidence of your patients. If a patient discovers that his or her personal information was compromised by your organization, that patient may view you as being untrustworthy. Even if you weren't responsible for the data breach, patients, providers, and business associates may think twice before doing business with you in the future.
Decisions that affect patient safety, value-based care, and market share require careful consideration to protect your most valuable asset – information. Realize that there is no such thing as 100% security, and having an iron-clad cyber defense program is beyond most organizations’ capabilities. However, there are reasonable practices that all organizations can implement to minimize the impact of cybercrime and safeguard your organization, such as: