Topic: It’s Time To Re-Engineer Health Care Cybersecurity

Health care data is valuable, which is one of the reasons why it’s so heavily targeted by hackers and cybercriminals. In the midst of a global pandemic, the threat is even greater.

As recently as May 5, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) issued a joint alert to warn that “advanced persistent threat (APT) groups are exploiting the Covid-19 pandemic” to specifically target “healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments,” presumably in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities.

While it’s disheartening that our global health crisis comes accompanied by increased health care cyber threats, it shouldn’t be surprising. Cybersecurity in the health care sector is completely fractured and thus ripe for an incursion.

The situation was dire even before the pandemic. According to HIPAA Journal, “510 healthcare data breaches of 500 or more records were reported” in 2019, representing a 196% increase from 2018. The number of individual health care records breached so far in 2020 is likewise troubling, with the journal reporting a staggering 1,531,855 in February 2020 alone.

These cybersecurity issues aren’t harmless, and they affect everything from care delivery to solvency. Health care IT News noted that “according to a 2019 American Medical Association-Accenture Medical Cybersecurity Survey, 36% of health institutions were unable to provide care for at least five hours as a result of cyberattacks.” Separately, Security Boulevard noted that the average cost of a health care data breach is $6.45 million, adding that “the 2019 Cost of a Data Breach Report by the Ponemon Institute and IBM indicates that healthcare is the most expensive industry in terms of the total average cost per breach. They also had the longest data breach lifecycle—the time it takes to identify and contain a breach—of 329 days.”

It’s not that competent people aren’t trying to defend health care. Every modern health care organization has some combination of IT security package, services and/or policy. The problem is that none of it is really working.

Ask almost any health care leader if their organization’s data was stolen today. Or whether unauthorized access to patient records occurred in the last hour. Or if their employees were targeted by a phishing scam this week. Or how likely they are to fall victim to a ransomware attack this year. Then ask how each of those will affect their operation. They likely will not be able to give you definitive answers because existing health care cybersecurity doesn’t work that way — but it should.

Topic Discussed: It’s Time To Re-Engineer Health Care Cybersecurity

Read Original Article