The non-negotiable for healthcare organizations: cybersecurity protection
Cyberattack surfaces are growing as many healthcare systems expand care beyond hospital walls, and attacks are particularly prevalent because of the focus on healthcare organizations during the COVID-19 pandemic. While the current landscape of cloud computing, telehealth, virtual working, remote hosting, and data sharing between caregivers is critical to helping improve patient outcomes and keep populations safe, with these innovations come increased chances for bad actors to exploit vulnerabilities.
As we celebrate Cyber Security Awareness Month throughout October, we should all be thinking about how we can do our part to better protect our patients, clinicians and healthcare systems.
The dangers of ransomware
Before the pandemic, 55% of healthcare organizations had little or no confidence that their organization could mitigate the risk of ransomware. Today that number has risen to 60%. These statistics indicate an urgent need to strengthen cybersecurity efforts, as ransomware is capable of rendering healthcare IT systems inoperable and wiping out data essential to patient care. The potential impacts on patient care are longer hospital stays, treatment delays, complications from medical procedures, or in the worst case, patient mortality. Even if an organization pays the ransom after a malicious attack, there is no guarantee that the stolen data or affected systems will be recovered.
Effective cybersecurity postures gain momentum
Attacks will continue to get more sophisticated, so cybersecurity must keep pace or, better yet, get ahead. Many senior healthcare executives are gaining a better understanding of the growing interconnectivity of devices, business partners and healthcare systems. The industry is learning that cybersecurity is not the sole responsibility of the IT department – everyone should play an active role in protecting their organization against cyber attacks. Senior healthcare leaders and boards of directors are starting to prioritize cybersecurity. Increasingly, organizations are educating their staff on data protection and best practices to avoid phishing scams that launch malware. This is more important than ever as teams continue to work remotely.
Implementing an effective cybersecurity program can help mitigate the risks facing healthcare organizations. A comprehensive cybersecurity strategy should consist of a documented and tested incident response plan, including:
- Incident response phases
- Roles and responsibilities
- Response workflows for business partner engagement
- Response workflows for communications
- Response workflow for external parties, including:
  - External advice
  - Third party response companies in the event of an incident
  - Credit monitoring services
- Lessons learned after the incident
- Knowledge of reporting procedures to federal agencies
- Cybersecurity insurance
Wisconsin recently passed cybersecurity regulations that create additional measures for insurance companies to protect individuals’ Personally Identifiable Information (PII) and Protected Health Information (PHI). Only a few other states have passed similar legislation; however, we may see this trend increase in the future. Health officials are encouraged to advocate for specific regulations that apply in their respective states.
There are additional proactive measures that healthcare organizations should take advantage of on an ongoing basis, including maintaining awareness of new and existing federal and state legislation, performing an annual attack and penetration test and third-party security checks, incorporating 24/7 monitoring by a security operations center, and testing incident response plans through mock attacks against the organization. Training and retention programs are also important initiatives to keep skills up to date and accurate.
Healthcare is making great strides by prioritizing cybersecurity, but we can do more. A robust cybersecurity program and strategy can help mitigate risk for what matters most in healthcare: patient care and outcomes. It’s unrealistic to think that we can stop all the bad actors, but we can set some solid parameters to keep them at bay.
Cerner cybersecurity aims to help improve your organization’s security posture, allowing you to focus on what matters most in healthcare: patient care and safety.