The Medicus Firm Blog

April 29 2019

Keep Cybersecurity Top of Mind

Healthcare organizations at all levels – from individual practices to large hospitals – operate with a number of challenges. Whether it’s dealing with insurers, state and federal regulations, or staff shortages and turnover, the litany of obstacles is seemingly endless.

One of the biggest concerns for any organization is cybersecurity and data breaches as part of an overall risk management methodology. Industry reports show data breaches remain a constant threat with no end in sight.

Of all industry sectors, healthcare is the biggest fish for hackers, offering great potential for information. Correspondingly, healthcare entities reported the highest number of incidents, at 41 percent, according to the Beazley Breach Insights Report.

The causes range from direct hacking and the presence of malware to simple human error, such as having a weak password or being duped by a phishing scam.

In January alone, there were 33 healthcare data breaches, according to the HIPAA Journal. These breaches exposed more than 490,000 healthcare records. While that figure is down from December, the fact remains that cybersecurity should actively be looked at when assessing any risk management plan.

Easier said than done, though. Organizations are always balancing being profitable with keeping up with the ever-changing times of the industry. Margins are razor thin, and stronger or up-to-date cybersecurity measures can be tough to implement simply because they are looked at from a conceptual standpoint. Not until a breach happens do they become something of need.

Don’t fall into that trap. Just because it hasn’t happened yet doesn’t mean hackers aren’t trying or a phishing scam can’t be unfurled. All it takes is one simple slip-up. And while 38 percent of healthcare organizations have increased cybersecurity spending, according to the 2019 HIMSS Cybersecurity Survey, just putting more money into it will not solve all ills.

Creating a culture of security awareness is vital at all levels of the organization. From the CISO and doctors to nurses and even patients, building awareness about how to keep all data safe is imperative. The information stored within an organization is highly sensitive and highly valuable – fetching as much as 10 times the price of common stolen personal data on the dark web – and organizations should care about how competent the guardians of that data are.

Lacking a plan or having already been hacked could also discourage candidates from joining the team, thus creating or deepening a staff shortage. It could also create a snowball effect, with those currently on staff seeking employment elsewhere, where cybersecurity is a top priority.

A cybersecurity plan is an ever-evolving matter that organizations must stay cognizant of – the plan cannot be something looked at once. It should be a living, breathing entity within your organization, one that is regularly updated to meet new standards, just as hackers are always looking for ways to gain an advantage and phishing scams become more and more sophisticated.
