The healthcare industry is a prime target for cybercriminals due to the attractive amounts of sensitive data up for grabs that can yield high dollars on the dark web. While healthcare cybersecurity is particularly critical in an industry where ransomware attacks and data theft can potentially result in loss of life, organizations notoriously under-fund and under-prioritize their cybersecurity infrastructure.
How Do You Address Cybersecurity in Healthcare
There are several critical cybersecurity issues that create increased vulnerability in the healthcare sector.
1. Lack of Cybersecurity Training
Human error resulted in 33% of the 2020 healthcare cybercrime, yet employees are generally not aware of the role they play in creating data breaches. In fact, 32% of healthcare employees report having received no cybersecurity training from their employer. Healthcare organizations of all sizes should implement proper training for employees to recognize, respond to, and report cyberattacks. Proper training is shown to improve threat detection rates by almost 20%. In addition, HIPAA compliance training and procedures for maintaining security of protected health information is crucial for maintaining the safety and integrity of critical data.
2. Password Theft
The use of one password to access multiple sites may seem like a convenience, but in reality this allows hackers to steal one password and breach several accounts. The use of a patient portal with email encryption strengthens security by requiring patients to log-in to the platform to access medical messaging, which is further encrypted for privacy. Two-factor authentication for healthcare employees can prevent password theft by requiring the user to prove their identity on two levels using a combination of PINs, facial or fingerprint recognition, security questions, and codes sent to a secondary device.
3. Lack of Adequate Plan
On average, the mitigation of a single healthcare cybersecurity breach costs over $9 million and requires 287 days, with 75 of those days spent trying to halt the attack and stop continuing damage. One factor that leads to increased loss of time and money is the lack of a business continuity plan, which should include the following:
- Analysis of potential cyberattack impact
- Plan for minimal operations following a breach
- Plan to evaluate impact and restore systems
How Can We Improve Cybersecurity in Healthcare?
Healthcare organizations have historically overlooked the importance of cybersecurity, and this oversight contributes to the attractiveness of the industry to criminals. In addition to providing cybersecurity awareness and response training, overhauling the password security system, and creating a business continuity plan as outlined above, the following steps will assist the healthcare industry in mitigating the risk of cyber crime:
- Prioritize cybersecurity throughout the organization
- Dedicate personnel to a data security program
- Regularly analyze the company’s risk profile
- Create a culture of cybersecurity awareness throughout healthcare staff and patients