October is here and that means time to celebrate all things fall! Including hot chocolate, pumpkin-spice everything, scarves, leaves changing colors and…cyber security? That’s right, get your high-tech thinking caps on because October is National Cyber Security Awareness Month (NCSAM)! NCSAM is an annual campaign put on by the Department of Homeland Security to encourage all companies, industries and consumers to raise awareness about cyber security in the 21st century. Cyber security does not discriminate. With a more connected world than ever thanks to the Internet, cyber security affects everyone around the world, no matter how urban or rural you are. From the financial sector and government to retail and healthcare, cyber criminals are looking to do real damage and harm to their victim organizations. Although cyber attacks are a growing threat to all industries, one industry has been hit very hard the past few years and will continue to see a growing number of threats: HEALTHCARE.
That’s right, healthcare providers, you are at risk and being targeted by sophisticated hackers who want to breach your system, steal your data or hold your organization for ransom. From large-scale organizations covering entire states or regions to rural critical access hospitals, nobody in the healthcare sector is safe from cyber threats. In 2014, a rural 18-bed hospital in Illinois was hacked with over 12,000 records affected, and earlier this year, Hollywood Presbyterian Medical Center had to pay a $17,000 bitcoin ransom to regain access to their computer system after the hospital was hacked.
It’s no secret that these attacks are on the rise as well. The healthcare industry saw a 72% increase in cyber attacks between 2013 and 2014. In 2015, there were 253 different breaches that compromised over 112 million records. Cyber threats account for 29% of the 2015 breaches, a number predicted to increase to 38% in 2016.
But, why are hackers focusing more and more on healthcare? Because healthcare data is extremely valuable on the black market. A single health record is worth up to $363 on the dark market. In fact, your medical information is worth 10 times more than your credit card information.
So, how much will all of this really cost me? A lot. In fact, healthcare data breaches cost more than breaches in any other industry. That’s mostly because the most expensive part of the data breach comes after the breach is detected and resolved. Calyptix Security organizes costs into two categories: direct costs, which are only around 34% of the total costs, including detecting the breach, escalating response, auditing, hiring legal defense, etc.; and indirect costs, the big ones that make up the other two-thirds. These indirect costs include customer turnover, brand damage, time and revenue lost during the breach and drops in patient acquisition.
What can you do to protect yourself against sophisticated cyber attacks? While there are a number of areas that must be managed in order to mitigate the risks of cyber attacks, it is important to know that although compliance with HIPAA’s Security Rule is recommended, compliance does not equal security. Some aspects of your network that should be under constant attention are:
- Inventory all devices accessing your network
- Ensure known vulnerabilities are patched with a patch management solution
- Update antivirus and anti-malware solutions on every inventoried device
- Regular, third-party security risk assessments
- Encrypt patient data on servers and mobile devices
- Encrypt patient data transmission
A couple of low-tech solutions that can be implemented right away include:
- Limit access to electronic systems through the principles of least privilege
- Ensure only IT administrators have access to alter IT policies and system configurations
- Keep patient data out of sight to prevent smartphone cameras from snapping quick pictures
- Implement UCSC’s Password Strength and Security Standards
Don’t know where to start? Consult with your cyber security experts to assess your network threats and develop a monitoring plan for your protection. With TeleQuality’s Computer Network Solutions (CNS), we do just that. Contact us today for an evaluation and assessment of your network and get protected today!
Want to get involved with NCSAM 2016? Here are recommendations from Homeland Security:
- Use the NCSAM 2016 hashtag #CyberAware in your social media messages before and during the month.
- Sign up to receive the Stop.Think.Connect. monthly Friends Newsletter here.
- Become an official partner of the Stop.Think.Connect. Campaign here.
- Join the weekly NCSAM 2016 Twitter Chat series on Thursdays in October at 3 p.m. EST using #ChatSTC.
- Post cybersecurity tips, news, and resources highlighting NCSAM 2016 on social media sites. Get started by reviewing the Stop.Think.Connect. Campaign Toolkit here.