Disclaimer: The views and opinions expressed in this blog are those of the author(s) and may not reflect the official policy or position of Excelsior College. Excelsior makes no claim regarding the suitability of the content for all audiences.
Cybersecurity is undoubtedly a top-level priority for virtually every health care provider. These organizations possess sensitive patient information that is extremely valuable to cybercriminals, as it can be used to commit acts of identity theft and fraud. Cyberattackers are well aware that this is the case and are targeting the health care sector like never before.
Unfortunately, as CSO recently highlighted, there are a number of unique factors that make computer security particularly challenging for health care providers. In order to keep their patients and employees’ data safe, hospitals, clinics and doctors’ offices need to increase their focus on, and investment in, cybersecurity protection.
“Hospitals must make access a key cybersecurity priority.”
One of the biggest challenges when it comes to achieve cyber safety in the health care sector concerns personnel. Speaking to CSO, health care security expert Gary Palgon noted that a very large number of workers need to have access to patients’ sensitive data in order to effectively provide care. This includes everyone from doctors and nurses to insurance company representatives. Furthermore, the doctors and nurses themselves will include permanent hospital employees, visiting experts and temporary workers. This, as Palgon explained, means that hospitals must make access a key priority when developing and maintaining cybersecurity strategies.
Another challenge specific to the health care industry is the risk presented by medical equipment. Carl Wright, another cybersecurity expert, told the source that most medical devices are closed systems. This is potentially problematic because it makes them very difficult to scan for malware, yet they can also be vulnerable to certain cyber threats. And because of their classification and nature, hospital IT team members’ hands are somewhat tied when it comes to protecting these assets.
“As FDA certified systems, they are not open for the installation of additional third-party software by the hospital staff,” Wright said, according to the news source.
Wright provided an example to highlight the potential complications here. He explained that in one case a hospital staff member inadvertently downloaded a link containing a worm, which subsequently made its way to the organization’s medical devices. The IT team attempted to remove the worm from the hospital’s systems and thought it had succeeded, but the worm subsequently re-emerged and created a back door into the hospital’s networks. This allowed the attacker to access and steal critical data, the source reported.
Making matters worse is the fact that the cost for a data breach is higher in the health care sector than in any other industry, according to the most recent Ponemon Cost of Data Breach Study. This report found that the average cost per record for health care providers was $398 last year. Among all surveyed industries, the average price paid per record stood at only $217. These costs include the expenses involved with notifying affected individuals, help desk actions, investigations and lost business.
In Ponemon’s 2014 Cost of Data Breach report, health care data breach costs averaged out to $316 per record. Not only are health care data breaches more expensive than those in other sectors, but they also appear to be growing increasingly expensive.
With all of this in mind, it’s clear to see that the health care industry as a whole needs to increase its focus on cybersecurity. Critically, hospitals and other care providers will need to hire computer security experts who can understand the unique threats that they face and devise strategies for thwarting would-be cybercriminals in this sector.
To find out more about how Excelsior College can prepare you for a career in cybersecurity, visit our website now.