Implementing security solutions, such as firewalls and anti-malware software, is important in mitigating the risk of cyberattacks. However, you must also ensure that these controls are regularly checked and tested through a network security audit. This audit helps you uncover any weaknesses and vulnerabilities in your cyber defenses, so you can remedy them before hackers can exploit them.
Healthcare organizations, in particular, must be especially diligent in conducting routine network security checks for the following reasons:
Patient health information and IT systems are important to patient care
Healthcare providers are becoming increasingly reliant on technology as they continue to digitize and adopt internet-connected medical devices. Therefore, they must ensure that their IT systems are always accessible and secure. Otherwise, they may be unable to provide quality patient care.
For example, in March 2022, the Oklahoma City Indian Clinic experienced a cyberattack that disabled its pharmacy’s automatic refill line and mail order services. As a result, patients were forced to call the pharmacy if they needed prescription refills. And every time they called, they had to provide their prescription details, such as provider, drug name, and drug strength.
Unfortunately, the inability to access IT systems and patient data can have even more serious consequences. According to a Ponemon Institute 2021 report, 70% of healthcare providers that suffered ransomware attacks reported longer patient hospital stays and delays in medical procedures. Such delays resulted in poor patient health outcomes like increased health complications. What’s more, the majority of organizations also said that such attacks increased patient transfers. Such was the case in 2020 when a German hospital had to stop admitting patients after a ransomware attack affected their IT systems.
Healthcare providers rely heavily on patient data and their IT systems, so if these become inaccessible, they will likely pay the ransom that attackers demand to immediately regain access. For example, in 2020, a hospital in Indiana paid around $55,000 to recover files that were encrypted in a ransomware attack. The hospital’s chief strategy officer called the ransom reasonable when weighed against the cost of being unable to properly care for patients due to IT downtime.
Healthcare organizations are required to safeguard patient data
The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers and other covered entities to ensure that patients’ protected health information (PHI) isn’t disclosed without the patients’ consent or knowledge.
PHI is any information that was created, used, or disclosed while providing healthcare services and can be used to identify a person. Such information can include:
- Medical record numbers
- Hospitalization details
- Laboratory test results
- Treatment information
- Drug prescriptions
Entities covered by HIPAA must implement administrative, physical, and technical safeguards to protect electronic PHI (ePHI). If they fail to do so, they may end up paying penalties for HIPAA noncompliance, which range from $100 to $50,000 per individual violation.
Cybercriminals are increasingly targeting the healthcare industry
The black market price of a single ePHI record is $250, while payment card information is only $5.40. Given this, it’s no surprise that cybercriminals keep targeting healthcare organizations. In fact, in 2021, the Department of Health and Human Services received reports of 712 healthcare data breaches — that’s the highest number of healthcare data breaches in a year to date! Almost three-fourths of those breaches occurred because of hacking and other IT incidents, compromising 45 million ePHI records.
SpectrumWise specializes in helping organizations in the healthcare industry. When you partner with us, you need not worry about IT issues and you can focus on caring for your patients. Schedule a consultation with us today!