Why healthcare organizations are experiencing crippling security breaches

This article was written by Pia Mangini, Digital Content Manager, Coffey Communications. 

Most healthcare consumers will choose trust as one of their top reasons for selecting a healthcare provider. However, data breaches can break this trust, and your organization’s brand can suffer as consumers lose trust in your ability to protect their private information.

Cyberattacks in the healthcare industry have skyrocketed since the start of the pandemic, with more than 30 hospitals and health systems reporting data breaches in 2021 so far.

As healthcare organizations become increasingly reliant on digital data that is stored on local machines, enterprise databases and cloud servers, sensitive information can be compromised by unauthorized access to a computer system or network.

Crippling security breaches of healthcare organizations can expose highly sensitive information, such as personal identification data, and sensitive health data, such as medical histories and health insurance information. Because of the amount of valuable data they hold and the motivation they have to keep their hospitals running, hospitals and health systems are extremely vulnerable targets.

Unlike other businesses, whose administrative and sales operations are affected, when a hospital network goes down, they may have to halt patient appointments, surgeries and other medical treatment.

How to defend against cyberattacks in 2021

For many organizations, cybersecurity is a new area—and therefore without a budget, structure or resources. It can be daunting; however, protecting your organization calls for both enhanced technology and common sense. Here are steps to consider:

• Train workers. IBM found that 95% of data breaches are caused by human error. It can be hard to train during a pandemic, but many organizations are opting for firsthand experience. They’re creating their own phishing emails to show employees how easy it is to be fooled. The system then takes users to educational content, like a video.
• Revisit passwords. Complex passwords make a difference. Mandate changing passwords frequently. Consider implementing two-factor authentication.
• Invest in infrastructure. Start with an endpoint detection and response (EDR) platform. It secures end devices. Free EDR tools are available, but hackers often reverse engineer them. So it’s a good idea to purchase stronger protection. The next step? A security information and event management (SIEM) platform to monitor EDR data, identify risks and prevent damage.
• Finally, consider a mobile device management (MDM) platform. It will overlap with the EDR and allow IT to lock down USB ports on devices to protect data. It can also wipe devices remotely.

HITRUST certification

To assure a higher level of security within your organization, work with a HITRUST-certified company. HITRUST CSF certification shows that an organization has met key standards and regulations in cyber security. It also means they are managing their risk when it comes to file and information sharing.

Organizations use the HITRUST framework because their cyber frameworks may have been developed without certain protections in place. In fact, more than 80% of healthcare organizations have now adopted a universal security framework, according to a recent HIMSS survey showing framework adoption. HITRUST CSF is one of the most widely adopted frameworks in the healthcare industry.

Working with a HITRUST-certified partner comes with benefits. First, you can be confident that a certified partner has gone the extra mile to ensure that your data concerns are addressed. Second, getting certified shows that your partner has a long-term commitment to protect their clients and their clients’ clients. Finally, some healthcare companies may require that partners be certified to ensure laws and regulations are met.

Now is the time to update old systems and implement multiple security measures. And be sure to partner with an agency who understands the healthcare industry and its unique vulnerability to data breaches.