From the treatments physicians offer patients to the computer software providers use to gather, protect and utilize patient information, it’s clear that the healthcare industry is taking a cyber-centric focus. As the healthcare industry advances its connectivity to the Internet and becomes more comfortable using mobile tools and applications, the risk for cyberattacks also increases. In recent years, unauthorized access and hacking attempts have put patient data and patients’ safety at risk, spurring a greater focus on healthcare cybersecurity and confirming its essential role in providing quality healthcare.
The Healthcare Industry Needs Cybersecurity
IBM dubbed 2015 the year of the healthcare breach due to the high rate of attacks targeted at the healthcare sector, with that year seeing 73,008,289 cybersecurity events. This means an event on a healthcare organization’s system or network was detected by a security application or device, according to IBM Security Services. These events included 1,596 direct attacks, which means the event was some type of malicious activity intended to collect, disrupt or eliminate information. The high number of direct attacks made healthcare the most heavily targeted industry, beating out manufacturing, financial service and government.
2016 proved worse in regard to healthcare cybersecurity. According to the seventh annual report by Redspin, published by Cynergistek, there was a 320-percent increase in the number of healthcare organizations that were attacked by hackers in 2016 compared to in 2015. Last year was also the first time a hospital was the victim of ransomware, a type of malware used to encrypt an entity’s data until a ransom is met.
What Cyberattacks Can Do
A cyberattack on a healthcare provider could lead to any of the following repercussions:
- Unauthorized access to patient files, including identifying and financial information.
- Patients’ personal records being released to the public.
- The removal or alteration of crucial facility or patient data.
- Interference with a facility’s electronic health records system.
- Interference with necessary diagnostic tools.
- Interference with a patient’s treatment.
- A shutdown of a facility’s network, system or electricity.
Anyone who has access to patient and provider information- physicians, nurses, facility administrators- can greatly benefit from education on the consequences of a breach and how best to prevent cyberattacks.
Where Healthcare Organizations Are Vulnerable
Cybersecurity events and attacks occur in a number of different ways such as malicious code, a sustained scan, suspicious activity and abuse of access or credentials, according to IBM. However, Redspin confirmed the most significant cybersecurity issue healthcare organizations face is unauthorized access to their systems, including from hackers. In 2016, 40 percent of all large healthcare security breaches involved unauthorized access or disclosure.
Healthcare organizations may be targeted because they are known to be particularly vulnerable, a report published by the ESSEC Business School stated. Many facilities and providers are behind in updating their infrastructure and cyber protections. They may also lack the expertise necessary to accurately assess risk, prevent both untargeted and targeted tasks and identify cybersecurity events as they occur. Employees who are poorly educated about using devices and internal systems properly also create holes within a facility’s cybersecurity from the inside.
Focusing on Implementing Cybersecurity
Cybersecurity is not just for major tech and financial companies anymore. All healthcare providers, from a physician’s small local practice to major hospital systems, must address their electronic security and risks. While implementing new and robust networks, security applications and user procedures can be costly and time-consuming, these tasks are necessary to ensuring patient and facility data is kept safe and private.
For providers who have yet to concentrate on cybersecurity or need to increase their efforts, risk assessment and management are the first steps, stated CEO of GreyCastle Security, Reg Harnish, for Forbes. Healthcare providers need to know where and why they are most at risk for a cybersecurity attack before they can determine what needs to be done and how to best allocate their budgets. Samsung pointed out that mobile devices and applications are a consistent threat for healthcare providers, particularly as telemedicine expands, more patients utilize wearable health devices and more physicians and medical staff use their own devices for work. Healthcare providers must specifically address the risks inherent in mobile devices and apps.
Beyond risk assessment, providers must strive to educate employees to reduce internal risks and plan ahead for how to respond to both small and large-scale cybersecurity breaches, Harnish recommended.
At Advanced Medical Reviews (AMR), network security is proactively monitored and upgraded to ensure the technology physician reviewers use to process peer reviews is secure and up-to-date. AMR’s client portal technology is an integral part of its independent medical review (IMR) services, so maintaining a commitment to security and privacy is essential. For the entire healthcare industry, cybersecurity will only become a more crucial element as technological advances and adoption of new technologies accelerate.