4 ways to prevent healthcare cybersecurity attacks
When the world thinks of the next “big attack” on human life as we currently know it, many conjure up horrific images of atomic bombs, nuclear desolation or even deadly viruses that result in a zombie apocalypse. But what never seems to occur to anyone is that the attack will most likely appear in the form of a cybersecurity breach that could devastate the globe. Healthcare especially remains vulnerable to cybersecurity threats, which have the potential to wipe out current healthcare innovations, jeopardize patient safety and destroy a healthcare organization’s reputation.
The Current State of Healthcare Cybersecurity
Currently, the topic of cybersecurity is a major concern for all industries. According to the Cybersecurity Market Report conducted by Cybersecurity Ventures, global spending on cybersecurity products and services for defense against cybercrimes is projected to exceed $1 trillion from 2017 to 2021.
Unfortunately for many industries, including healthcare, budgets for cybersecurity are limited. On average, the healthcare industry’s investment in cybersecurity is much lower than other industries with less than 6 percent of the IT budget allocated to IT security, according to a 2016 HIMSS Analytic Healthcare IT Security and Risk Management Study. Even more troubling is the lack of highly skilled cybersecurity personnel across the globe. In fact, a recent report from Cybersecurity Ventures predicts that there will be 3.5 million unfilled cybersecurity positions by 2021.
In response to these concerns, the U.S. Department of Health and Human Services (HHS) established the Health Care Industry Cybersecurity Task Force in March 2016, per the Cybersecurity Act of 2015. The task force is required to issue detailed reports explaining ways to improve cybersecurity in the healthcare industry. With the number of cybersecurity attacks mounting daily, coupled with budgetary restrictions and personnel shortages, the healthcare industry is setting its sights on preventive measures to stave off future threats altogether.
Tips for Healthcare Cybersecurity Attack Prevention
Cybersecurity is top priority of all industries these days. As organizations look to the future—and healthcare organizations aim to avoid appearing on the HHS “Wall of Shame”— cybersecurity prevention will remain the key driver to a protected future. Here are a few ways to be proactive about your organization’s cybersecurity and to prevent the next attack:
- Create a Plan
When most organizations contemplate the future, they consider the “big picture.” This same principle can and should be applied to cybersecurity measures, especially at the top level of leadership. To prevent cybersecurity attacks, security needs to be placed as a top priority in any decision-making scenarios. Healthcare organizations need to ask big-picture questions, such as, “What else needs to be covered that cannot be covered under HIPAA or HITECH alone?” With strategies such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework to use as a guide in the planning process, healthcare organizations in particular have the necessary tools to create solid preventive plans.
- Think Preventively
With prevention of cyberattacks becoming an increasingly important goal for the healthcare industry today, organizations need to adopt a preventive mindset that can be carried out in preventive actions. Particularly, with the shortage of cybersecurity jobs appearing imminent in the coming years, healthcare organizations must invest in the right people and create more cyberattack security positions. Although this preventive step will help alleviate security breaches in the future, it is not enough to stop security attacks from occurring. Thinking preventively also means ensuring that all employees at all levels are exposed to a high-level education in security best practices, policies and prevention tactics.
- Secure the Network Connection
While this tip might seem obvious, it is surprising how many healthcare organizations have yet to invest in stronger network connections to keep up with the rising demand of security. Connected devices through the permeation of the Internet of Things (IoT) are creating thousands of security access points to healthcare networks daily, which many networks are not prepared to handle. According to a recent report by Gartner, 8.4 billion connected “things” will be in use in 2017, a 31 percent increase from the previous year. Healthcare facilities must make investing in stronger networks a top priority, considering options such as security-first approach network designs that can support thousands of connected devices while keeping protected health information truly secure.
- Invest in Updates and Improvements
Even with strong security networks, healthcare organizations need to keep browsers and operating systems up-to-date, investing in improvements whenever possible. In a study conducted by BitSight in response to the recent ransomware attack WannaCry, researchers found that the healthcare industry scored higher in using up-to-date browsers and operating systems (85 percent). Although this is certainly positive news, it also means that 15 percent of healthcare organizations are failing to promptly update their browsers and upgrade their operating systems.