The Ponemon Institute sets $363 as the value of a single stolen health record on the black market. In fact, medical information is worth 10 times more than a credit card number.
While it’s true businesses across all industries are being threatened increasingly by cyber crime and hackers, none is being attacked as much as the healthcare industry.
Healthcare companies experienced a 72 percent increase in cyber attacks between 2013 and 2014, and in 2015 there were 253 breaches affecting 500 individuals or more with a combined loss of more than 112 million records, according to a report by the Aberdeen Group and OCR.
Security experts say cyber criminals are targeting the $3 trillion U.S. healthcare industry because many of these organizations still rely on aging computer systems that do not use the latest security features.
Combine that with the simple fact that healthcare providers don’t always have an experienced IT workforce that can build and implement a comprehensive disaster recovery plan, the perfect recipe for costly implications such as data ransom is created.
In February, a hacker used malware to infect Hollywood Presbyterian Medical Center’s computer systems and seized control, preventing the hospital system from being able to communicate on those devices.
The center only regained control of its network after paying out the ransom of 40 bitcoins, equivalent to $17,000.
TeleQuality has found that many healthcare providers, especially in rural areas, lack the IT resources necessary to secure their data. So what can data technology and innovation companies do to help the healthcare clients protect their data?
It is imperative that data centers and technology companies start taking a proactive approach in educating healthcare clients on low-tech and hightech solutions to protect themselves and their patients’ data from ransomware and hacking.
Data centers can provide helpful how-to lists to healthcare providers regarding critical data securing activities such as how to:
- Backup Their Data – Data centers know the best prevention method to lessen potential damage by a ransomware attack is to make sure information is backed up using the 3-2-1 best practice rule. Healthcare providers may be unaware that they should create three backup copies of their data on two different media with one of those copies on a separate location. This is the most critical component for any business to consider when storing protected, valuable information and data centers should help educate their customers.
- Develop a Comprehensive Disaster Recovery Plan – Often healthcare organizations fail to consider and act on all aspects of disaster recovery from physical facilities and computer hardware and software to communications links, data files and databases, customer services provided, user operations, overall management information systems structure, end-user systems and developing testing criteria/procedures. The reality of today’s technological world is not if you get cyber attacked, but when. Ensure the healthcare providers have a disaster recovery plan that is comprehensive so they are prepared.
- Test the Disaster Recovery Plan Annually – Many healthcare providers are not aware that having a disaster recovery plan is a great start but isn’t enough on its own. They must be made aware that regular testing of the plan is critical to preventing it from becoming outdated. Data centers should encourage healthcare providers to test their plan annually to determine the feasibility and compatibility of backup facilities and to test short-term and long-term battery backup needs.
Here are some tips to teach providers simple ways to prevent ransomware:
- Avoid clicking on embedded links in unverified emails
- Regularly update software, programs and applications
- Use a layered protection suite
- Inventory physical devices and systems within the healthcare organization
- Perform vulnerability scans regularly
- Use the UCSC’s “Password Strength and Security Standards”
- Manage access permissions and incorporate the principles of least privilege and separation of duties
With three TeleQuality data centers opening this year in Atlanta, Chicago and Phoenix, the company recognizes the urgency to promote awareness and education to data centers and healthcare providers on ransomware and data hacking as it becomes a major threat to the healthcare industry.
TeleQuality’s CEO Tim Koxlien wants all data center companies to join its commitment to help protect their healthcare clients, to fight the implications of data ransom and data hacking in order to protect health information.
Reprinted from The INCOMPAS Show Daily, produced by Beka Publishing.