According to a recent post on the Healthcare Information & Management Systems Society’s (HIMSS) webpage, the biggest threat facing the health care industry doesn’t come in the form of a disease. On the contrary, it comes in the form of computer hackers who are skilled in the art of stealing confidential patient information.
The post also goes on to detail that every year cyberattacks on health care providers continue to result in millions of patient records being permanently lost.
How Prepared is the Health Care Industry to Face Cyberattacks?
In July 2018, the Bloomberg article "Cyber Attacks on Health-care Providers Are Up in Recent Months" stated that only 33% of health departments in the United States are capable of defending themselves against a security breach.
For example, this article details how last June a medical-equipment company called Inogen Inc. had the personal information of almost 30,000 customers compromised once a hacker had gained illegal access to a staff member's email account.
What Steps Does the Health Care Industry Need to Take in Order to Defend Itself Against Cyberattacks?
The HIMSS post suggests that the first thing the health care industry needs to do to protect itself is to understand the threat landscape and how it impacts the industry. Organizations can do this by asking themselves the following questions:
- How do these attackers carry out their sophisticated, well-executed campaigns?
- How do they decide whom and which industries, including health care, to target?
- What type of data are these attackers interested in stealing and why?
- How are they using and profiting from the information they steal?
- How do security researchers actually gather and analyze this type of data, and make beneficial use of it?
How Do Hackers Get Access to Health Care Information?
An August 2018 article in HealthTech Magazine details how cybercriminals are gaining access to computers by exploiting the software supply chain. These kinds of attacks arrive through a trusted channel that’s been compromised. Under these circumstances, the compromise of a trusted channel can sometimes go undetected for extended periods of time. These supply chain-based attacks usually take one of the following three forms:
- A hacker hijacks a supplier’s domain and directs traffic to another domain that’s been infected.
- An attacker attempts to directly compromise the software of a supplier.
- Attackers target third-party hosting services, which infects the websites associated with the host.
How Much Time & Money is the Health Care Industry Currently Devoting to Cybersecurity?
A recent study by HIMSS Analytics and Symantec revealed the following statistics:
- 82% of participating health care organizations said that cybersecurity policies are discussed at the boardroom level. However, only 40% said cybersecurity is a regularly scheduled item.
- The top three drivers for cybersecurity investment among health care organizations are risk assessments, HIPAA compliance, and security or financial audits.
- 75% of health care organizations are still spending 6% or less of their IT budgets on cybersecurity, a lower number than more security-mature industries such as banking and finance.
- Budget, staffing, and skill set were the three most significant barriers preventing health care firms from achieving a higher level of security.
How Can the Health Care and Health Information Management Industries Defend Themselves Against Future Cyberattacks?
The health care industry needs to take the following steps to prevent future cyberattacks:
- View cybersecurity as a business risk rather than just a technical challenge
- Address security at the board level and do so on a regular basis
- Educate employees across the organization to be cyber aware and provide training according to their roles and responsibilities
- Focus on hiring and retaining qualified staff
- Create new roles, such as Medical Security Officer or Medical Device Security Specialist, to address specific security challenges
- Consider security implications when purchasing equipment
- Implement and test cybersecurity incident response protocols
Where Can I Get the Training I Need to Get Into the Health Information Management Field?
Hocking College offers an Associate of Applied Science in Health Information Management degree. Applicants can receive the hands-on training they need to go from student to graduate in only four semesters.
For more information, please contact Health Information Management Program Manager, Jade Cover, by email at email@example.com or by phone at (740) 753-6417.
How Can I Get Into the Cybersecurity Field?
Since Autumn 2018, Hocking College has been offering a Cybersecurity and Network Systems program. In only four semesters students can graduate with an Associate of Applied Science in Cybersecurity and Network Systems Technology. All students need to succeed in this program are some basic computer skills and a willingness to learn.
For more information on Hocking College’s Cybersecurity and Network Systems Program, contact Cybersecurity and Network Systems Program Manager, Mark Riley, by email at firstname.lastname@example.org or by phone at (740) 753-7209.