From 2015 to 2016, our country saw the number of Healthcare Cybersecurity breaches double. Since then, security breaches across all fields have continuously been on the rise, with 2017 ushering in some of the largest identity theft hacks in history. No one likes to hear that any personal information has been compromised, but it gets especially upsetting when the breach is surrounding healthcare records.
Healthcare Cybersecurity Facts
A few years ago when cybersecurity in healthcare was brought to the forefront, the Institute for Critical Infrastructure Technology (ICIT) Co-founder and Senior Fellow Parham Eftekhari said this, “It’s currently imperative for organizations to understand that they’ll never be able to prevent breaches from happening. The best way to protect their organization is to focus on developing detect and response strategies, and to create as many roadblocks and obstacles as possible so network administrators can quickly identify unauthorized access or suspicious activity on the network.” While this statement may have come across to some as harsh, Eftekhari wanted to be realistic about breaches in healthcare while offering a feasible solution and strategy.
Cybersecurity Tips for Healthcare Companies
- Continuously train your employees. The number one obstacle that many healthcare organizations face when trying to tackle the daunting task of cybersecurity is simply human error. Continuing to have monthly/quarterly workshops to inform medical staff members about proper procedures and protocols surrounding the security of their patient’s data is crucial. In the past, well-meaning medical professionals have taken pictures of patient’s information to work on at home, only to have their phone/laptop stolen. Healthcare organizations need to remind employees that while credit card info can be changed, social security and Medicare numbers cannot.
- Conduct a HIPPA security risk analysis. Since it is a requirement that all healthcare organizations have a periodic risk analysis of their entire facilities, this is a perfect time to include cybersecurity testing. Due to the ever-changing world of IT, cyber assessments have expiration dates. It is no longer possible to have a full security risk analysis without including tech.
- Mandate encryption of data on all portable devices. From early 2009 until now, it was reported that unencrypted portable devices that were lost or stolen made up over a third of all the breaches that impacted health records. While this process can be expensive and time-consuming, it doesn’t compare to the financial and legal fees associated with even a small breach of patient data.
The Future of Healthcare Cybersecurity
Currently, there are estimated to be over 1 million unfilled cybersecurity jobs in the U.S. This gap has been created due to the inability of organizations to keep up with the rate that cybersecurity has grown and changed over the years. Companies are turning to new educational/training routes, such as the creation of new collar jobs, as a way to combat the gap issue, making this an exciting time to be entering the cybersecurity field.