10 Things Healthcare IT Experts Need to Know About Cybersecurity Today
by Zivaro, on Sep 22, 2021 12:50:40 PM
Most cybercrimes are motivated by money, which is bad news for healthcare. In this article, learn what healthcare IT experts should know about cybersecurity.
Most cybercrimes are motivated by money (86 percent, according to Verizon’s annual data breach report). Unfortunately, that’s awful news for the healthcare industry.
Stolen health records sell for $60 to $250 per account on the dark web—far higher than most other types of data. (Credit card information usually sells for about $6 per account, for example.)
As a healthcare IT expert, educating clients and helping them take proactive measures are the best ways to protect them from cybercrimes. Here are ten trends and points to keep in mind now and in the future.
1. Hackers Target Healthcare Providers
For most hackers, it’s all about money. Because healthcare data is a golden goose of sorts, cybercrime isn’t going anywhere. Therefore, educating healthcare professionals around cybersecurity is essential.
You should view managed IT services and security features as an investment, not an expense or luxury in the healthcare industry.
2. Telehealth Services Could Make Things Worse
Virtual healthcare experienced a global boom as a result of COVID-19. Unfortunately, many cybercriminals capitalized on this massive growth. Hackers are now targeting telehealth devices (such as mobile health apps and live video conferencing).
Believe it or not, hackers breached as many as 29 million patient records in 2020, according to HIPAA Journal.
3. Small Healthcare Providers are the Most Vulnerable
IT experts should also spread the message that boutique healthcare providers are particularly at risk when it comes to cybersecurity. A lack of network security or an unskilled IT department creates prime opportunities for cybercriminals to breach devices and steal data.
This doesn’t just pose a risk to patient data—it could also result in your network slowing down or getting locked out of your system altogether, making daily operations difficult or impossible. Unfortunately, the financial risk of not protecting your systems is most significant for the most vulnerable.
4. Cybersecurity Training Still Isn’t the Norm
According to a survey done by Kaspersky, 1 in 4 healthcare professionals has never been trained in cybersecurity. Of course, this is music to a cybercriminal’s ears, as adequate employee training and standardizing IT practices are two key defense strategies that help hackers at bay.
5. A Lack of Encryption Could Violate HIPAA Laws
Written in 1996, HIPAA laws standardized how patient information should be sent and received. But in a rapidly evolving digital world, the goalpost is constantly moving on how healthcare providers should protect their patient’s data.
HIPAA now recommends 256-bit encryption for all email and online message sending, especially for small healthcare providers who don’t have managed IT services in-house. Not encrypting emails, by definition, could be considered a violation, which could result in fines (or worse). Keeping up with these trends is quite a challenge for even the most motivated healthcare professionals.
6. The IoT Increases Cybercrime Risk
Health facilities of all sizes rely heavily on the Internet of Things (IoT)—a series of medical devices and telehealth equipment that collect data and allow them to monitor patients through sensors and automation. These tools help professionals operate more efficiently but could also increase the risk of cybercrimes.
On average, as many as 47 different devices are connected to one network, many of which come from different vendors. When devices can’t connect or communicate with each other, it’s difficult for IT professionals to conduct an accurate risk assessment of their network and address potential issues.
7. The IoT Takes Up Lots of Resources
The sheer complexity of the IoT poses another unintended side-effect: IT workers put in so much time assessing and monitoring devices that they may miss security threats happening in real-time.
As their device collection grows, healthcare professionals should consider adding staff or committing more resources to their IT department.
8. Data Management Is the Present (and Future)
Tools like machine learning and AI devices are being deployed all over the healthcare industry to sort through and organize patient data. In addition, predictive data analytics is quickly becoming the norm for healthcare facilities as they strive to make data actionable and digestible.
With more data and a new wave of digital devices comes a greater risk of novel cybercrimes.
9. Interoperability Isn’t Going Anywhere
The push towards making all healthcare devices interoperable or transferring data and interpreting that information seamlessly is nothing new. In the same way, unified communications improve business outcomes; it’s simply easier to share standardized data between patients and healthcare providers.
It can also be argued that interoperability is one key to bolstering cybersecurity in healthcare. When healthcare providers can communicate across platforms, threat data is easier to share and root out.
10. Experts Admit the Cybercriminals are Ahead
The stark reality is that, as cybersecurity in healthcare improves, so too will the threats. More sophisticated and intricate cyber crimes take place each day. Unfortunately, many believe healthcare providers will always be playing from a defensive position.