By now you may have heard about the recent ransom attack at Hollywood Presbyterian Medical Center. Hackers held the hospital’s electronics medical records (EMR) system hostage, demanding a ransom for their release, which the hospital paid. Your first thought was probably, “I wonder how they [the hackers] got in?” A more accurate question may be, “I wonder why we don’t hear about this more often?” The fact is, these cybercrimes are happening far too regularly. They simply don’t always make the news.
Ransoming data is the new frontier in cybercrime. And valuable health care data is the latest target. Hackers know that hospitals are a rich source of data and know its value, as the growing use of ransomware demonstrates. Digital health vendors, payers and providers alike have shared with us that they’re under attack regularly. That doesn’t mean the hackers get through every time, but the attempt indicators are there for IT experts to monitor and defend against.
So how do we defend against cybercrime?
Our first line of defense is people! Employees who aren’t trained on how to avoid email phishing scams or on the importance of logging off every time they leave their workstation, are soft targets. And 3rd party vendors can leave an organization open to security gaps outside their control.
As I mentioned in a previous blog, “the greater number of people who have access to personal health data, the greater the data security risk.” That goes for any data. California’s Attorney General just released a report stating that 49 million Californians have been victims of a data breach in the last 3 years, and states that “the majority of these breaches resulted from security failures.”
Add to that the horror story of Sony’s malware attack, as well as that of Anthem’s, with the unsuspecting employees caught in a phishing scam. Then imagine the myriad of other instances that don’t make mainstream news.
I don’t subscribe to the fear monger philosophy, but I also can’t deny that the threat is real. If we in the digital space are to be successful in business, then we have to take the best steps possible to protect our data. Investment in security tools and technologies is key, but don’t ignore the people and the processes.
- Be vigilant – stick to and monitor privacy and security procedures
- Be prepared – invest in your people – both training and testing
- Don’t forget 3rd party vendors who access your organizations sensitive data
With proper training on correct procedures, strong policy development and continual tracking, healthcare organizations can go a long way toward preventing a data breach.
To learn more about IT Security and Compliance and how your company measures up on best practices, take a free online High Level Assessment. Or contact us for a free consultation with one of our experts.