Disclaimer: The views and opinions expressed in this blog are those of the author(s) and may not reflect the official policy or position of Excelsior College. Excelsior makes no claim regarding the suitability of the content for all audiences.
Cybersecurity affects almost every industry. While attacks may be similar, every breach carries different consequences. The industry is not immune to cyberattacks either. In fact, with the introduction of electronic health care records and the increased usage of digital payment systems, health care providers are more vulnerable to a breach than ever before. The Washington Post reported that 43 percent of all cyberattacks in 2013 were directed toward health care providers. Additionally, the interconnectivity between hospitals puts entire IT systems at risk when one location is compromised.
Why target health care systems?
Cybercriminals are usually driven by the prospect of financial gain. By hacking health care systems, they have access to private medical data and hospital records. This is information that can be sold on the black market, often for a much higher payout than financial information. The Atlantic reported that medical data is usually more valuable because, unlike financial data, you cannot make a phone call and cancel your medical records as you would with your credit cards. Once an individual’s medical data is compromised, it is difficult to recover.
What are the consequences of a health care breach?
Information security breaches in the health care industry can carry much heavier consequences than financial losses. Unlike cyberattacks on other industries, a breach on medical providers can be deadly for patients. In the e-book, Protecting Our Future, The National Cybersecurity Institute discussed the danger of a hack on health care IT systems where codes are altered or data is corrupted. Any of these events could lead to the loss of patient lives and cost the associated hospital thousands of dollars. The reputation of the health care provider is also at stake. Patients want to believe their private records are secure, and a breach may drive their loyalty elsewhere.
How can health care providers manage cybersecurity risks?
The American Hospital Association suggested that those in the health care industry should begin by establishing procedures and developing a core cybersecurity team. This step ensures that the hospital is not only monitoring for signs of a breach, but that it will also know what to do in the event of one. Health care providers also need to create an investigation and incidence response plan so that the information security team is trained and prepared for any cyberattack. Prepared health care providers will regularly review and edit these plans to keep them relevant and effective. The AHA further stated that medical devices need to be examined regularly for signs of malware. Every device requires up-to-date security software installed on it as well. Finally, health care providers have to review their insurance policies regularly in anticipation of a cyberattack. There should always be adequate coverage to cover losses and payouts.
While cybersecurity is a growing threat to every industry, it is exceptionally important for health care providers to remain vigilant against cyberattacks. Financial loss is a burden, but the consequences of losing a patient’s life are far more costly. Hiring employees who are skilled in detecting and deterring cyberthreats is a good start. NCI offers many programs that train individuals in cybersecurity and information technology. Visit their website today to find out more about how to start a career in cybersecurity.