No industry or sector is immune to hacking. This was made painfully clear when a cyber-attacker using WannaCry ransomware crippled healthcare institutions around the world. A May 2016 report from the Ponemon Institute indicated that more than 25 per cent of all data breaches were related to health care. The estimated loss to the industry is $5.6 billion per year. These stats should be a wake-up call.
Given that most transactions in the healthcare sector are conducted through vulnerable hardware and software, it’s critical for providers and payers to strengthen their cybersecurity. But security sits across many different factions of an organisation, from its people to its processes. Below are four tips on how to make a more secure vision a reality.
1. Security-first workplace
Care providers should apply strong encryption to all patient data and limit who has permission to access medical charts. In addition, organisations should monitor searches and downloads from their IT systems by tracking exfiltrated data such as large batch files of patient, research, financial, or other sensitive information.
2. Security-first workforce
Human error, including falling for phishing attacks, is the leading cause of major security breaches today. Healthcare systems should regularly remind people of the importance of information security best practices through required training, strategic reminders, and other means.
3. Security-first workflow
Hospitals and healthcare systems have diversified supply chains and massive lists of vendors with whom they digitally interface. They are a tempting way for cybercriminals to gain access to healthcare organisations’ IT systems. Consequently, care providers must understand the many moving parts that are involved and protect their relationships and information exchanges with and among those groups.
4. Secure technology solutions
It’s true that the healthcare industry doesn’t always use the most cutting-edge technology, which could be a contributing factor as to why cyberattacks on healthcare are growing. Organisations need to implement a hardware layer of security to protect devices by acting as a security monitor and physically preventing the intrusion of malware. While infrastructure cyberattacks can cause massive damage, only a single machine needs to be penetrated to compromise an entire network. This is why a hardware layer is a necessity and should be included as part of a comprehensive cybersecurity program. Every machine needs to be protected without the need for software updates or human intervention.
In today’s digitally transforming world, protecting patients’ health information will take a highly coordinated effort among care providers, insurers, and institutions, as well as significant investments in new tools and practices. It also will require healthcare institutions to look at the cyber risks across their business, not simply in one area but holistically across the entire organisation. In any case, cybersecurity must be a priority.
Find out more about Toshiba laptops, 2-in-1’s and solutions with Intel® Core™ Processors
Intel, the Intel Logo, Intel Inside, Intel Core, and Core Inside are trademarks of Intel Corporation in the U.S. and/or other countries.