While separately, these two words may pose no anxiety to the average person, when placed together they can be a daunting and overwhelming task to tackle for information technology (IT) departments across the country. In a world where the Internet of Things (IoT) has virtually every sector and industry connected via the Internet, the importance and criticalness of cyber security means more today than it ever has before.
As a healthcare provider, cyber security can no longer be a backburner item to be dealt with when there’s time to “get around to it.” Electronic health records and the digitalization of many aspects of healthcare has pushed cyber-crime to the exponentially-high levels we see today. Did you know that healthcare data is more appealing to hackers than any other data on the market currently? That’s right, medical information is worth 10 times more than credit card information and a single health record is worth up to $50 on the dark market.
Still not convinced? Recent reports predict healthcare to be the #1 target for hackers in 2017 and found that the healthcare industry made up just over 1⁄4 of the breaches in 2016. Cyber threats accounted for 29% of the 2015 breaches with 2015 seeing 253 breaches affecting 500 individuals or more with a combined loss of more than 112 million records. A TQ employee even heard at a national health IT conference that a recent Homeland Security director has spent about 85% of their time helping small hospitals clean up after ransomware attacks.
And it doesn’t matter how urban, rural, big or small you are. Hackers don’t discriminate when it comes to cyber-crime. From large-scale organizations covering entire states or regions to rural critical access hospitals, nobody is safe in the healthcare sector from cyber threats. In 2014, a rural 18-bed hospital in Illinois was hacked with over 12,000 records affected, and in 2016, Hollywood Presbyterian Medical Center had to pay a $17,000 bitcoin ransom to gain access back to their computer system after the hospital was hacked.
Impacts to Healthcare Providers
Sometimes cyber security threat and attack impacts can seem vague and abstract, but what are the true consequences that your healthcare organization will face if you fall victim? Here a few of the top impacts you can expect:
- Expense – it is extremely expensive to recover from a breach or cyber-attack. It can take down your network anywhere from a couple of hours, to days, weeks, or months. Without technology functioning the way it is intended, your healthcare organization can be losing massive amounts of revenue and time lost for your providers and administrators during the downtime.
- Technical Remediation – it takes a high-level skilled Cyber Security professional to correct the issues and clean up the network after an attack. This can become extremely expensive and time consuming for an IT department.
- Reputation Damage – a healthcare provider is required to report a cyber-attack or breach to the media and their constituents, under certain conditions. This can cause damage to a community if the healthcare patients are concerned that a healthcare system is not keeping the patient data safe and putting them at risk of identity theft. In fact, more than 1 in every 8 patients are withholding medical information from providers due to fears about confidentiality or EMRs.
Low Tech Solutions
A great cyber security plan includes both low-tech and high-tech solutions to guard your organization against attack. So, what low-tech solutions can your organization immediately implement to help prevent and protect against cyber threats?
- Limit access to electronic systems and IT policies & system configurations – control who has access to your technology systems and how much access they have to utilize it. Based on specific roles or experience levels, some people should have a wide scope of access while others might have little to no access, especially to areas of your systems they don’t need to interact with.
- Keep patient data out of sight – store patient data in a restricted area where only certain individuals have access to it and only the information they need.
- Implement UCSC’s password strength and security standards
While low-tech solutions are helpful, nothing can replace true proactive solutions that focus on prevention and security of your network. A couple of these proactive items include:
- Consult with security experts to manage and monitor consistently. Work with them to complete the following activities: collect an inventory of devices accessing your network, patch management, up-to-date antivirus and anti-malware, perform security risk assessments, encrypt patient data, encrypt patient data transmissions.
- Cover four key areas of security: Managed Firewall, Managed Antivirus, Continual Patch Management, and Managed Cyber Security platform that provides continuous monitoring.
- Be in a proactive, threat-defense posture
If you want security experts to focus on your cyber security and give you peace of mind, explore TeleQuality’s Computer Network Solutions (CNS) product line. TQCI’s CNS services operates under the main theme that a proactive, threat-defense posture is key to protecting your network. The goal is to reduce downtime if a threat occurs and react immediately. By performing regular risk and threat assessments and employing continuous threat monitoring by real world experts, you will be deploying the most effective way to avoid a public breach. Having additional support allows your team to focus on primary job duties. Our Computer Network Solutions are customizable acting as an extension of the IT department to support IT staff, not replace them. Have peace of mind knowing that you have access to a dedicated support team when you need it most while providing you with specialized monitoring and risk assessment reports. Support also shouldn’t have to be rigid, it can be elastic with the CNS line where we can bring in more resources when and where necessary, then pull back and only keep what is necessary, allowing available IT resources to expand and contract based on your organization’s individual needs.
Interested in learning more? Contact us today or email us at firstname.lastname@example.org.