Cybersecurity Continues as a Major Threat to Health Care Organizations; Preparation is Key
March 15, 2018
Two surveys released this week highlight the increasing importance of preventing, minimizing, and communicating—both internally and externally—about cybersecurity incidents, as the number of cyberattacks involving health care organizations continues to increase.
According to online security experts at McAfee, cybersecurity incidents in the health care sector during 2017 rose 211 percent overall for the year, following a fourth-quarter decrease of 78 percent. Most of the incidents resulted from the organizations’ failure to follow best practices: not installing software security patches, allowing password sharing, using default passwords, using outdated software, and leaving servers exposed.
According to the “McAfee Labs Threats Report for March 2018,” the 211 percent increase in cyberattacks in the health care industry is significant when compared to the 125 percent increase in education and the 15 percent increase in the financial and public sectors. The report also warns that the number of newly detected malware threats has doubled compared to last quarter; 478 new online threats are detected every minute.
Medical devices such as ultrasounds, MRIs, and other wireless medical electronics are increasing in number, and all are vulnerable to hacking, providing a new and growing target for hackers.
The “2018 Impact of Cyber Insecurity on Healthcare Organizations” study, released by Merlin International, in partnership with the Ponemon Institute, provides insight into the top concerns among health care administrators about cybersecurity:
- 52 percent of respondents cited the lack of employee awareness and training
- 74 percent indicated insufficient staff; 60 percent said they didn’t have the necessary cybersecurity talent on staff
- 65 percent were unsure if medical devices were part of their cybersecurity strategy
- 49 percent weren’t aware of established incident response procedures within their facility
With an average cost of a security compromise estimated at four million dollars, online security experts strongly recommended that health care organizations consider investing in the personnel, training, equipment, and follow-up policies necessary to prevent, minimize, and/or communicate with the public about cybersecurity incidents.
HAP’s emergency preparedness team is available to assist member hospitals and health systems with cybersecurity concerns. Armed with knowledge about the latest trends in malware and compliance, staff is able to help hospitals:
- Assess individual situations and work toward limiting potential risks
- Maintain protocols and share best practices
- Comply with industry and national reporting requirements at both the state and federal levels in the event of a breach
In addition to ongoing member support through HAP’s emergency preparedness staff, HAP is hosting national speakers next month during an April 12 communications conference. Topics during the one-day conference include internal communications strategies and preparing for crisis communications in the event of a cybersecurity or other type of event. The full meeting agenda is available at HAP’s website.
For more information about HAP’s emergency preparedness efforts, please contact Mark Ross, regional manager. If you would like more information about the upcoming communications conference, contact Julie Kissinger, vice president, communications and public affairs.