Over the past few years, healthcare IT systems have faced significantly more cyberattacks than any other industry—and the reasons why are pretty simple:
- Healthcare hacks have a greater payoff. In fact, one recent article found that personal health data can “fetch upwards of $50 per record (10 to 20 times more than credit card information).”
- Health records are easier to compromise. Why? Because implementation teams often leave deliberate gaps in security if the tools might slow the transfer of or access to vital patient data.
The reality is that these security breaches aren’t going to stop any time soon. And you’ve probably worked on the obvious things already, like preventing password reuse and keeping software up-to-date.
So what else can today’s healthcare organizations do to minimize the likelihood of a costly attack?
- Prioritize security.
We get it: Justifying a budget for beefed-up IT security can be tricky for any healthcare business, where money is always stretched thin. But when you ask execs to consider the potential ramifications of millions of compromised patient records, you might catch their attention. Try to convey the urgency of security and compliance in today’s era of rampant cyberattacks. You need IT solutions that are developed with deep security and certified by vetted third parties like HITRUST. Furthermore, you need teams in place to implement these solutions fully and correctly. Remember, you shouldn’t have to choose between quality care and strong security. With the right technologies and teams in place, you can protect critical, care-related network traffic without slowing it down.
- Prepare your people.
You hear this one a lot, but it’s worth repeating. Your prime directive should be making sure every employee understands and implements security measures. Simple human error or negligence is one of the biggest threats to security across all industries and can produce particularly disastrous and expensive consequences for healthcare organizations. Security awareness training equips employees with the requisite knowledge to make smart decisions and use appropriate caution when handling sensitive patient data. Remind people not to click on links in suspicious emails, never to leave laptops or devices logged in and unattended, and never to provide account verification details by email, even when asked to and even if the message appears to be legitimate.
- If it’s not secure, don’t connect it.
Healthcare organizations are notorious for having hundreds, if not thousands, of devices and systems connected to their networks—especially with the growing number of mobile users (both providers and patients). Unfortunately, it only takes one weak link to break the chain. Ensure that only approved users and devices can access restricted data. Better yet, segment your network into smaller, separated sections—so the most sensitive information is entirely isolated from your more vulnerable access points.