Cyberattacks: A Plague in Healthcare

Rise in Cybercrime

Central Ohio Urology Group’s 2016 cyber attack, a leak of 223GB of sensitive data, made many local health care providers stop and wonder: can this happen to us?

Statistically speaking, the answer is yes, very likely. The healthcare industry has averaged close to four data breaches per week this year alone. Additionally, Forbes cited healthcare as the #1 industry at risk of a cyber attack.

Consider these numbers:

  • Nearly 90% of healthcare organizations have suffered a data breach (Ponemon)
  • 45% of affected organizations experienced 5+ breaches in a 2-year period (Ponemon)
  • 1 in 3 Americans are victims of healthcare data breaches (Bitglass)
  • Cyberattacks will cost hospitals more than $305 billion in the next five years (Accenture)

Scary numbers aside, these figures are a reminder that healthcare providers must be proactive about keeping their patients' data safe and making these occurrences less likely.

The Cost of a Breach

Consequences of a cyberattack can be far more expensive and complex than you might think. In addition to the initial expense incurred to detect and contain the attack, here are a few more ways the costs of a data breach add up and threaten the very survival of your practice:

  • Technical forensic investigation
  • Public and private patient notifications
  • Third party identity protection for affected patients
  • Fines and penalties
  • PR/Reputation management
  • Legal fees
  • Potential civil lawsuit
  • Data security upgrades
  • Lost patients / revenue
  • Increased liability insurance costs
  • Operational downtime or disruption
  • Stolen intellectual property

When it comes to cyberattacks, speed is key. The faster you can identify and mitigate the attack, the more you can minimize the impact on your patients and your practice. Therefore, implementing constant system monitoring and having an incident response plan and a team at the ready are critical.

Take Action Before a Breach Occurs

As the threat of cyberattacks in healthcare has proven very real, HealthIT.gov released its Top 10 Tips for Cybersecurity in Healthcare, which recommends the following:

  1. Establish a Security Culture: Education is the best prevention, because it raises awareness of the threats facing your facility. Ongoing education and training will help you and your staff follow best IT security practices.
  2. Protect Mobile Devices: Putting safeguards in place for medical providers' laptops, tablets, etc. can decrease the chances of theft or loss.
  3. Maintain Good Computer Habits: Best practices include keeping software up to date and performing regular maintenance.
  4. Use a Firewall: Undoubtedly, there should be a firewall in place to protect your EHR system from intrusions and outside threats.
  5. Install and Maintain Anti-Virus Software: Antivirus software can remove viruses and other malware to keep your data safe.
  6. Plan for the Unexpected: Two ways to protect against loss are creating backups and having a recovery plan.
  7. Control Access to PHI: Restrict staff members' access to sensitive information and set up an “access control system” to assign user rights and permissions.
  8. Use Strong Passwords and Change Them Regularly: Strong passwords consist of at least eight characters, upper and lowercase letters, one number, and at least one special character.
  9. Limit Network Access: Don’t allow devices from the outside to enter your network. Keeping tight network policies will ensure the right people are accessing your system.
  10. Control Physical Access: Ensure the physical safety of your property and devices to keep your practice accounted for.

Acting on the above recommendations is just a start. To keep your patients and your practice safe, staying vigilant on data security is a must. Schedule your IT checkup to see where your organization stands on data security or talk to our team of experts if you need assistance in any of these areas. (614) 398-2882.
