Whenever we read the latest headlines on cybercrimes and data breaches, it’s easy to slough them off as something that only happens to the big guys, like England’s NHS with the WannaCry malware. Unfortunately, that’s not true. Anyone can be hacked.
Hackers don’t care how big or small a target is; they prefer to look for vulnerabilities that can be easily and quickly exploited. They simply want to expose and take advantage of gaps in legacy systems and backdoor vulnerabilities in order to steal valuable data. Thinking you’re too small to be noticed can be a dangerous assumption.
We know that in the U.S., healthcare cybersecurity practices have serious weaknesses. The HHS task force even released a report in June stating that healthcare cybersecurity is in a 'critical condition'.
Malicious or otherwise, security breaches continue to pose a concern to public health. Because our healthcare system and technologies are so diverse, there’s no easy way to assure across-the-board standards. Sweeping changes would have to account for health care delivery systems, like hospitals, as well as health plans, small specialty clinics and private medical practices, plus the third-party digital health companies that support them.
The good news? When the Cybersecurity Act of 2015 created the Health Care Industry Cybersecurity (HCIC) Task Force, we saw the first broad attempt to get a handle on the risk to healthcare data, as well as to concede the incredible security challenges the industry deals with daily.
In early June 2017, the task force released its report on Improving Cybersecurity in the Health Care Industry. Its findings include that “providers and other healthcare workers assume that vulnerability is low.” In other words, our care providers are trusting that proper technical security is in place and capable of resisting intrusion. After several large, high-profile breaches, we know that this is definitely not the case.
Additionally, the report emphasized that the industry needs to make healthcare cybersecurity a top priority. It notes that until the string of ransomware attacks started, there’d been resistance to prioritizing cyber protections and risk mitigation, often due to budget constraints.
Healthcare cybersecurity needs to be a top priority in the future. With six “high level imperatives” called out in the task force report, we have the beginnings of a path to stronger healthcare cybersecurity.
If the WannaCry malware and other attacks demonstrate anything, it’s that cyberattacks can happen to anyone, anywhere. Don’t let it be you. Download our helpful Security Tip Sheet to ensure that you and your organization know how to protect yourselves from cybercrime.
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at firstname.lastname@example.org.