Editor’s Note: This guest blog is written from Avertium, a 2021 RhythmWorld platinum sponsor. Read on to explore tips that will help you improve your health care cybersecurity posture from their white paper, How to Raise Your Organization’s Game to Combat Cybercriminals.
As cybersecurity threats to health care organizations escalate, your responsibility as a senior hospital or health system leader is implementing high-level detection and remediation solutions.
“The average attack recovery expense, including downtime, manhours, device cost, network cost, lost opportunity and the ransom paid, was nearly $1.3 million.” – Sophos
The numbers should make senior hospital and health system executives lie awake at night. Through the first six months of 2021 alone, health care providers reported more than 250 data breaches of protected health information (PHI) to the HHS Office for Civil Rights. One hundred of the reported breaches involved cybercriminals hacking into the network servers of provider organizations.
In fact, 34 percent of more than 300 health care organizations recently surveyed by Sophos, a business cybersecurity firm, said they were hit by a ransomware attack over the past year. The average attack recovery expense, including downtime, manhours, device cost, network cost, lost opportunity and the ransom paid, was nearly $1.3 million.
Experts interviewed for this white paper on cybersecurity say it’s not a matter of if bad actors will attack, it’s a matter of when. With cyberattacks, nothing is off limits. The combination of immensely valuable data, the potential to cause harm to a vast number of people, and the lack of investment in cybersecurity makes health care an enticing target. Given the escalating threat, experts say hospitals and health systems must elevate their games to protect their operations and, more importantly, their patients from cybercriminals. It’s time to build a better cybersecurity strategy.
When cybercriminals attack your hospital or health system and steal or hold your PHI for ransom, the first question you ask as a senior leader is, “Why us?” as if the attack were a coincidence or stroke of bad luck. Coincidence and luck have nothing to do with why bad actors chose you. They picked you specifically and deliberately because of who you are, what you have, and how you operate.
The data you have in the form of PHI is uniquely valuable to cybercriminals. Unlike other types of data that can be canceled and replaced like a credit card number or a phone number, PHI has enduring value. There is only one of you, and your health records can’t be canceled and replaced. Not only does PHI have enduring value, but it also comes with a rich data set. That data set includes dates of birth, Social Security numbers, home addresses, health insurance policies, credit card numbers, bank accounts, and more — not just from the patient, but also from the patient’s family. PHI is exponentially more valuable than other types of data.
As you know, health care is one of the most — if not the most — regulated fields in the country. Complying with rules, regulations, and standards means that you’re sharing your PHI with a seemingly endless list of public and private organizations. You’re continuously transmitting your PHI via your information technology (IT) systems to state and federal government agencies, commercial health plans, accrediting bodies, and more. Every piece of technology that you use, and every time you use it to transmit PHI for compliance purposes, exposes you to a potential cybersecurity attack.
Your hospital or health system shares a lot of data, but whatever volume of data you share, you likely take in or accept even more. Collectively, each data intake point — from your online scheduling system to your electronic health record (EHR) system, remote patient monitoring devices or a telemedicine visit to a supply chain ordering form — is called your attack surface by cybersecurity experts. It’s the totality of the technology front that you must defend against cybercriminals. It’s vast, and the COVID-19 pandemic made it even bigger with the rapid expansion of virtual care models and work-from-home options.
Both what you do and why you do it make your hospital or health system especially vulnerable to cybersecurity attacks. First, the people who work for you — from front-line caregiver to back-office business staff — are caring by nature. They want to help people, and that makes them more trusting of anyone who needs something, like a cybercriminal posing as a concerned patient in an email. Second, cybercriminals know what’s at stake if they can steal or freeze your PHI. Any delay or disruption in care puts patients’ health and lives at risk regardless of whether you’re a Level I trauma center or a sole community hospital. That makes you more likely to pay perpetrators quickly to get back access to your data.
When you consider those four primary reasons, you may think there’s not much your hospital or health system can do beyond what it’s doing already to prevent and manage cybersecurity attacks. But there is, and the time to act is now.
Health care cybersecurity experts recommend the following tactics and strategies to better protect your operations and your patients during this time of heightened cybersecurity risk. Think in terms of people, processes, and technology.
The cybersecurity risks challenging your hospital or health system are going to become more frequent, more intense, more sophisticated, and more costly. Like mice on steroids, they’ll overwhelm and overrun your operations and threaten the care that you provide to your patients. Your best and only option is to modernize your prevention, detection, and mitigation program.
It’s time to build and exercise on a regular basis a better cybersecurity defense plan.