Technology is both a blessing and a curse to the healthcare industry. Applications, websites and other IT solutions help healthcare organizations deliver high-quality patient care. However, these solutions can also provide cyber-criminals with opportunities to attack hospitals, medical centers, physician offices, and other healthcare providers that use these technologies. This situation is so serious that cybersecurity is the top hazard in the ECRI Institute’s “2019 Top 10 Health Technology Hazards” list. IT solutions can lead to cybersecurity threats in many different ways. As a result, healthcare providers need to have a comprehensive strategy to mitigate risks.
How IT solutions can lead to cybersecurity threats
How can seemingly innocuous apps, websites and other solutions lead to cybersecurity threats? A common cause is that these solutions are not adequately protected and monitored. Consider the following:
Inadequate protection and monitoring are not the only causes of cybersecurity threats — the human element also plays a role. Cybersecurity threats can result from unintentional mistakes made by the staff. For example, even though email solutions have been around for many years, phishing emails are still prevalent — and still very effective. In 2018 alone, employees at New York Oncology Hematology, NorthStar Anesthesia, UnityPoint Health, and other healthcare organizations inadvertently fell for phishing emails, resulting in data breaches and compromised systems.
Moreover, insiders may intentionally use IT solutions for malevolent purposes. For instance, a McAfee study found that 22% of data breaches were caused by malicious insiders, including employees, contractors and suppliers. They used various internal solutions to steal customer, employee, and financial data as well as intellectual property.
How to mitigate the risks
There are numerous actions that healthcare providers should take to mitigate these threats. Beyond implementing basic protections (e.g., implementing security software, making sure all IT solutions are updated, set up securely with the latest patching), they should:
Managed security services to the rescue
While the list of actions that healthcare providers need to take is long, it is important for these measures to be taken. The consequences of not doing so can be costly. For example, data breaches alone cost organizations $61 million each year, according to the Internet Crime Complaint Center (IC3), which is part of the U.S. Federal Bureau of Investigation (FBI).
Healthcare organizations that want to concentrate on caring for their patients rather than trying to secure their IT solutions can rely on managed security services. With a managed security service provider, organizations can have around-the-clock protection without having to invest in advanced security systems and the staff needed to set up, manage, and monitor those systems.
This week from February 11-15, 2019 in Orlando, FL, Synoptek will be returning to participate in HIMSS19, the leading health information and technology conference that brings together 45,000+ professionals from around the world for the education, innovation and collaboration to succeed in the shared mission of transforming health. Stop by the Synoptek Booth #5785 to learn more about how we can help you tackle your biggest health IT challenges. We will also be offering complimentary cybersecurity health check assessments and presenting a cybersecurity session on Wednesday, February 13th at 11:45am about Risk Management Strategies in Today’s Patient Care. Click HERE to learn more.
About the Author
Synoptek is an established firm that provides information systems consulting and IT management services. Synoptek and its predecessors have been providing these services for 23 years.