While implementing cybersecurity solutions such as anti-malware programs and firewalls is crucial in mitigating the risk of attacks, it’s also important that these controls are regularly checked and tested. This way, weaknesses and vulnerabilities in network security can be uncovered and remedied before they can be exploited.
Organizations in the healthcare industry, in particular, must be especially diligent in carrying out routine network security checks. Here are three reasons why:
1. Patient data and IT systems are crucial to patient care
Healthcare businesses are becoming more reliant on IT as they continue to digitize and adopt more internet-connected medical devices. This means that they need IT networks that are stable and secure at all times. Otherwise, they might jeopardize the health of their patients.
For example, in 2020, Universal Health Services hospitals suffered widespread outages resulting in inaccessible medical records, delayed laboratory results and treatments, and ambulance diversions. In the same year, a German hospital was forced to stop admitting patients because a ransomware attack disrupted its IT systems. One of its patients, who badly needed medical attention, had to be transferred to another hospital 20 miles away and died in transit.
Healthcare providers depend heavily on patient information and IT networks, so if these become inaccessible, they usually do anything they can to immediately regain access, even if it means paying a ransom. An Indiana hospital, for instance, paid roughly $55,000 to recover files encrypted in a ransomware attack.
In an interview, the hospital’s chief strategy officer Rob Matt explained why they paid the ransom. “When you weigh the cost of delivering high-quality care...versus not paying and bearing the consequences of a new system — the amount of the ransom was reasonable in respect to the cost of continuing downtime and not being able to care for patients.”
Losing access to their data and IT systems can be so paralyzing to healthcare centers that some shut down their operations altogether after suffering a cyberattack. For example, a medical clinic in California announced permanent closure due to a ransomware attack. An ENT (ear, nose, and throat) and hearing center in Michigan also closed after a hacker wiped out all of its files.
2. Healthcare companies handle data protected by HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires healthcare providers, health plan companies, and other covered entities to safeguard protected health information (PHI) from being disclosed without the patient’s consent or knowledge.
PHI is any information that can be used to identify a person and that relates to that individual’s past, present, or future healthcare, such as:
- Laboratory test results
- Treatment details
- Hospitalization dates
- Drug prescriptions
- Medical record numbers
- Health plan beneficiaries
Under HIPAA, covered entities must implement technical safeguards, such as access controls and encryption software, to protect electronic PHI. If they become negligent in their network security, they run the risk of paying penalties for HIPAA noncompliance, which range from $100 to $50,000 per individual violation. In fact, health insurer Anthem paid $16 million — the largest HIPAA fine to date — to settle data breaches resulting from multiple targeted cyberattacks in 2015.
3. Hackers love targeting the healthcare industry
While all industries can fall victim to a cyberattack, the healthcare sector is a particularly popular target. Prior to the pandemic, the number of cyberattacks against hospitals, doctors’ clinics, and other healthcare organizations was already skyrocketing; 41.4 million patient records were breached in 2019 compared to 15 million records in 2018.
In 2020, the healthcare industry was one of the five sectors most targeted by ransomware, with 560 healthcare facilities falling victim to it. Ransomware attacks on the industry are even forecast to increase fivefold in 2021.
The aforementioned reasons clearly illustrate why healthcare businesses ought to take network security checks seriously. By doing so, they can ensure that their cybersecurity controls are effective in safeguarding their patient data and IT systems.
Healthy IT specializes in helping healthcare organizations. With us as your partner, you can forget about IT issues and focus on caring for your patients. Schedule your FREE consultation today!