It’s a new year with a new budget, and a new year’s resolution for laser-focus on cybersecurity. That should be easier to keep than the ones for no cookies and daily workouts, right?
Yet even with healthcare data breaches – and their settlement fines – at a stomach-dropping high, recent survey results show that nearly every healthcare organization’s C-suite responded that cybersecurity threats are still not part of board-level discussions. What does this say about how seriously healthcare organizations and their leadership are taking patient data protection?
Add the $12 million+ in HIPAA settlement fines assessed in 2017, and it raises the question of how healthcare organizations and healthcare technology companies can afford to give cybersecurity such limited attention and resources. The same survey from Black Book indicates that only 15% of healthcare organizations plan to hire a CISO this year and that a mere fraction of budgets will be spent on cybersecurity.
Maybe it’s a matter of misunderstanding. Perhaps leadership is still thinking that cybersecurity only means ransomware. Retract that thought. Cybersecurity relates to “protection against criminal or unauthorized use of electronic data.” Now consider that the HIPAA settlement fines mentioned above overwhelmingly relate to electronic data breaches, such as:
- Loss of an unencrypted thumb drive = 2,000+ patient ePHI
- Unauthorized employee access = 115,000 ePHI
- Laptop theft, unencrypted = 2,000+ patient ePHI
- Laptop, mobile monitoring = 1,300+ ePHI
- Email phishing hack = 3,000+ ePHI
In fact, of all nine settlements, seven point to cybersecurity issues, even though only one was hacker related. When you take cybersecurity seriously by reporting breaches (including ransomware, despite the OCR guidance loophole), conducting a regular security risk analysis, and reducing your human risk factor, you build trust. That trust and reputation build among your vendors, clients and patients.
For 2018, make a Cybersecurity Resolution. Place cybersecurity at the forefront of your organization’s goals, budget and resources. Build a strong information security framework. It’s far less expensive than HIPAA fines or loss of reputation. And maybe take a walk instead of eating that chocolate chip cookie.
Start working on your cybersecurity resolution TODAY and contact Ostendio for a free consultation with one of our security experts.