With cyber threats on the rise, security has become the chief concern for nearly all industries worldwide. But for the healthcare sector, online data and systems protection could literally mean life or death.
In truth, the healthcare industry’s reliance on technology goes beyond medical equipment. Think of all the patient data stored in their systems — from the different medications a person takes, to their complete medical history. A security breach could cause a mix-up in treatments, or patients might fail to receive medical care altogether. Healthcare data is among the most sensitive information in the entire digital landscape. After all, it’s not as easy to remedy as a stolen credit card. Unfortunately, hackers and cyber criminals are well aware of this, and are always looking for ways to exploit these resources.
Individual health records may be sold on the black market for a hefty price. For scale, CNBC reports that your social security number and credit card information might sell for $2 and $10 respectively on the black market, but your electronic health record could reach up to a whopping $1,000. The value of this data makes it a target for hackers and bad actors. Despite the urgency, few industries are as horrifyingly vulnerable as the healthcare industry. According to a survey conducted by the Healthcare Information and Management Systems Society (HIMSS), three quarters of healthcare executives reported a significant security incident in the last 12 months. These attacks range from email phishing to hacking passwords.
To rub salt in the wound, healthcare providers don’t tend to prioritize cybersecurity in their budgets, and often put up with outdated computer systems that are vulnerable to cyber threats. Top-notch protection doesn’t come without a hefty price tag. A post by Maryville University breaks down the median salaries for cybersecurity professionals and outlines how it has become a very lucrative field to work in. This is mainly due to the fact that there is an increasingly high demand for specialists. However, healthcare organizations have limited resources available for technology, and at most organizations, cybersecurity only accounts for 4 to 7% of total IT budgets. Despite the cost, it’s an important investment when compared to the potential losses organizations are sure to incur from data breaches.
HIPAA regulatory requirements provide guidelines for protecting healthcare data, but organizations must be diligent in planning and executing security plans. Even with federal laws in place, HIPAA regulations merely establish baseline protection. Risk assessments must be conducted on an annual basis and policies and procedures must be reviewed and updated to meet changes in the organization. With the ever-increasing complexity of attacks, it’s imperative to go beyond HIPAA’s rules and adopt a holistic security approach. Most of the time, tech is given the largest focus, but all bases must be covered — including people.
Although it’s easy to chalk up cyber attacks to weak passwords or a firewall breach, humans are still the weakest link in the security chain. The Protected Health Information Data Breach Report released last year confirms that more than half of healthcare breaches are caused by an insider threat, usually brought about by carelessly plugged-in phones or links that should not have been opened. Vendors and business associates (BAs) are responsible for 25% of all HIPAA violations.
Fortunately, advancements in protection are gaining traction. Platforms such as Dash empower teams to address HIPAA compliance concerns and monitor cloud security. On top of this, numerous staff cybersecurity training programs are more accessible and affordable. At the end of the day, technology must work hand-in-hand with education. Building a culture of security and compliance among healthcare workers is key to protecting patient data. We need to come to a point where cybersecurity isn’t just an afterthought, but a natural and vital part of all industries — especially in the healthcare industry.