Healthcare organizations face a rising threat of malicious attacks that target protected health information. The trend continues to escalate, despite efforts to shore up healthcare security. Motivated by a combination of lucrative pay-offs for stolen health information and generally weaker defenses compared to other industries, hackers are developing enhanced proficiency in identifying and exploiting security vulnerabilities in healthcare IT. The threat looms from all directions, but the most common points of entry are the internet, social media, e-mail, mobile devices, USBs, and cloud and network infrastructure.
According to the June ITRC Breach report, there have been 158 reported data breaches in the healthcare arena during the first half of 2016. A 2015 Ponemon Institute study determined that criminal attacks on healthcare data were up 125% compared to the previous five years, and the average cost of a data breach for healthcare organizations was estimated to be more than $2.1 million. Yet with each passing year, the cost seems to be escalating. In 2016 the Ponemon Institute partnered with IBM to create a Cost of Data Breach Study, which concluded that the average cost of unauthorized data access is between USD $149 and USD $167 per record, with the total cost of a data breach ranging from USD $3.7 million to USD $4.29 million.
The number of incidents that evade traditional security defenses is increasing at an alarming rate, and with the growing prevalence of Electronic Health Records, the playing field has become even more enticing to scammers. Cyberattacks have cost healthcare providers millions of dollars, generated negative publicity and created reputational damage. These breaches also instigate OCR investigations and incur credit monitoring fees for affected individuals.
Yet a lack of strong security controls persists among many healthcare providers, largely because cybersecurity can be a very complex process. However, in this cyberwar landscape, healthcare organizations have a legal and ethical responsibility to identify and mitigate the likelihood of real-world threats to IT assets and physical security. The best defense is to recognize the growing trend and employ policies, procedures and physical infrastructure that will reduce the likelihood of a successful cyberattack. True cybersecurity requires preparation, vigilance, and a proactive game plan.
For information on Cybersecurity Best Practices in the Healthcare arena, download our Cybersecurity eBook by clicking on the link below:
BlueOrange Compliance has been providing privacy and security assessments, remediation, training and guidance since the inception of HITECH. Our team is comprised of former healthcare IT executives and top security, privacy and technology analysts. Our national client base consists of hospitals, physician provider practices, Nursing Facilities, LTC Pharmacies, LPCs, CCRCs, homecare, hospice and business associates. If you want to learn how BlueOrange Compliance can help you turn HIPAA complexity into HIPAA compliance, visit us at blueorangecompliance.com.