Hospitals face cybersecurity risks in surprising new ways
While ransomware attacks have been stealing the headlines, threats can come from many sources making it critical for healthcare organizations to have a comprehensive cybersecurity strategy.
Cyber threats take many forms and while the degree of sophistication can vary, every cyberattack has the potential to impact the availability, integrity or confidentiality of your system and the data within it. Cyber threats can happen anywhere within your organization or sneak in through third-party vendors.
Ransomware attacks are currently the number one threat to healthcare organizations. More than half of healthcare organizations were hit by a ransomware attack in 2021 and of those, 66% said the cybercriminals were successful in encrypting their data. Ransomware threat actors are getting more sophisticated and the cost to retrieve sensitive data from cybercriminals is rising.
While ransomware attacks have been stealing the headlines, threats can come from many sources making it critical for healthcare organizations to have a comprehensive cybersecurity strategy. During a February 16, 2022, HealthLeaders webinar, Securing the Healthcare Enterprise in ‘The New Normal’, presenters Christine Wheaton, Chief Privacy and Security Officer at Henry Ford Health in Detroit, MI and Jacqueline Sullivan, VP of Security Operations Coordination for Minneapolis-based U.S. Bank, discussed some strategies that organizations can use to protect against cyber threats.
1. Comprehensive training
Tried and true cybersecurity practices still hold up. Make sure your workforce is getting periodic cybersecurity safety training and ensure staff members are aware of the risks around the data.
2. Proactive practices
When looking at a new solution, a new medical device, even a new web application solution, make sure your security and risk experts are involved from the start. As part of the evaluation, your security and risk team can identify potential vulnerabilities and determine if they can be addressed.
3. Identify your weaknesses
Every organization has a unique environment with its own vulnerabilities. Establish a workflow between your security team who are identifying vulnerabilities and determining risk and your IT teams who manage the assets and who can remediate.
4. Vet your vendors
Ensure that third party vendors have adequate cybersecurity measures in place. Conduct a supplier risk assessment to identify potential areas of risk with third party vendors and the fourth party vendors that provide services and supplies to them.
For more information, read our guide to Protecting your healthcare organization from cyber criminals featuring additional insights from Christine Wheaton and Jacqueline Sullivan.
Tyler Eppley is the vice president of healthcare payment solutions at U.S. Bank and has worked exclusively with providers for more than 15 years to optimize revenue cycle operations and improve the patient experience.