“Credit monitoring for a breach of your identity data, medical or not, is like handing out umbrellas in a tornado.” This is a fitting analogy, as healthcare is in the midst of a converging cyber security storm: four forces, fairly unique compared with other industries, seem to plague the healthcare ecosystem at a confluence. Experts predict that by 2015 half of all healthcare organizations will have experienced between one and five cyber-attacks in the previous 12 months – with a third of those attacks successful. Torrential change, coupled with lucrative, newly digitized information, makes healthcare organizations a key target for cyber-attacks; the recent Anthem hack is just one of many examples. Organizations need to prioritize resources to better understand their risk landscape and adopt comprehensive solutions – or risk being another headline.
1. Personal health data is lucrative, worth up to 50x other data on the black market
In 2014, healthcare accounted for 42% of all serious data breaches, and the FBI warns that with the EHR adoption deadline closing, “the industry is not technically prepared to combat against cyber criminals.” Once criminals gain access to this health data, they have increased ability to obtain prescriptions and receive medical care in ways that could truly jeopardize your financial and medical health in the future. Data breaches damage organizations from a financial, compliance and reputation standpoint. It is critical that the right attention and investment are funneled toward thwarting data breaches, both to negate them and to detect them early on.
2. Threats can jeopardize lives (and livelihoods)
DDoS attacks and network intrusions can wreak havoc on productivity and the bottom line – and this is true in healthcare. A recent Ponemon study concluded that individuals who had their medical information stolen averaged $18,660 in out-of-pocket expenses. What is unique to healthcare, however, is that such impacts can literally jeopardize patient lives at the point of care. If a cyber-attack limits a physician’s ability to access information about allergies or previous conditions, or if it takes down digital monitoring systems in the NICU, lives can truly be impacted, and those implications are immeasurable. Organizations need to have the right systems in place to mitigate DDoS and network intrusion threats, to ensure care-critical applications have consistent availability and to protect patients’ livelihoods.
3. Highly complex access, operating and staffing environment
Healthcare is a labor-intensive industry, staffed 24/7/365 with many highly skilled players who expect instant access to confidential data. What’s more, physicians want access to this data on their tablet at the hospital and on their smartphone on the golf course. Striking the right balance between secure access and ease of use for your staff is critical, and there are many user-friendly, sophisticated multi-factor authentication tools to leverage.
4. Adoption of connected devices
Healthcare players need to consider boosting security investments to prepare for the rampant adoption of connected health monitoring devices and the explosion of data that the Internet of Things will bring. From consumers’ health records to tracked steps, running, blood pressure and more, the Internet of Things will bring new data; it is not futuristic, nor are the risks theoretical. Consider that, per the PwC 2014 report, almost half of healthcare providers say they have integrated or are considering integrating consumer technologies, such as wearable health-monitoring devices (Fitbit, TruFIT, Nike, etc.), as part of their daily medical practices.
Given these four considerations, IT departments must adopt new methods to respond to growing changes in cyber security. More personalized services, from urgent cares to pharmacies, are leveraging the Internet; patients are moving toward using personal devices to access healthcare information and online content; and information continues to be digitized and moved to the Cloud. Together, these trends mean that cyber threats will only grow in complexity and frequency.
Organizations need to invest in comprehensive risk assessments, planning and security audits. The right combination of people, intelligence and infrastructure is needed to chart a course effectively and succeed. The good news is that there are technologies and partners that can help you weather the storm – start engaging them.