Cyber-crime against organizations and individuals is on the rise more than ever and there has been a serious increase pf 37 percent in cyber crime against healthcare organizations.
The total number of breached records rose from 13,947,909 two years ago to 41,335,889 in 2019, with the recent figure representing 12 percent of the U.S. population.
Federal records show that 510 major data breaches were reported last year, with each involving 500 or more hospital and medical records.
Medical records are selling for upwards of $1,000 online and the efforts by healthcare organizations to repair the damage done by cyber criminals is daunting.
Even with the known increase in cyber crime targeted towards healthcare organization, some organization. may still struggle with knowing how to take action and protect themselves.
In this article we are going to identify three ways that a healthcare organization can start protecting themselves now.
Do a Cybersecurity Assessment of the Network:
Hiring a third party to come in and do a cybersecurity assessment is key in protecting a healthcare organizations.
Third-party security assessments help organizations identify weak points in their networks.
In leveraging the Cybersecurity Framework from the National Institute of Standards and Technology, security assessments can identify problems and network visibility to aid in effectively planning and prioritizing security strategies going forward.
Secure All Medical Devices
There’s no doubt that medical device security is a priority for healthcare organizations.
The greatest security problems associated with these devices go beyond unchanged passwords and outdated software, organizational challenges around device ownership often exist, making it difficult to know who’s using a particular tool and taking the steps to protect it.
If these devices are compromised, it goes beyond identity theft to a matter of possibly life or death.
To combat this issue and enhance device security, it is recommended that IT teams focus on three tactics, starting with visibility.
They need a way to know how many devices and what devices are on their networks.
Once a team gains that understanding, actively monitoring and segmenting medical devices onto their own private networks.
This can help organizations to be better prepared for a cyber event and contain any lateral movements attempted by a hacker.
Educate and Train Healthcare Staff
Cybercriminals not only use online tools for hacking, but they can even use social engineering to gain access to information.
Medical personnel ranked as higher targets for attackers than executives and other high-ranking employees.
On average, targeted healthcare companies each received about 43 impostor emails in the first quarter of 2019 — nearly triple the amount seen in the same quarter in 2018, according to a recent report from enterprise security company Proofpoint.
“If you’re looking at ways to stem cybersecurity,” says Ryan Witt, healthcare industry practice leader at Proofpoint, “then you need to start with identifying those attacks.”
Educating all staff on the value of security in a clinical setting is critical.