“Hackers are looking for an organization that doesn’t have much in terms of cybersecurity resources. Health systems fit this description because they are traditionally focused on patients more than IT. Additionally, hospitals often rely on legacy systems, making them all the more vulnerable. All these together make it a hacker’s dream to come into a healthcare facility.”
Another key aspect of the problem is related to the connectivity of networks and devices. While providing many benefits, this connectivity creates vulnerabilities within systems; especially amongst the diversity of connected organizations, some that may not have the financial resources available to secure their systems and devices. The shocking truth is that this data-rich, but vulnerable environment is the target where the loss is not just counted in dollars, but in lives as well.
An additional aspect of the problem arises from the nature of the healthcare industry itself, where the primary focus is on sharing information between healthcare entities to enhance or enable patient health. In a crisis, the focus is driven by emergency procedures that may be required- data security is considered only secondarily, or as almost an afterthought.
While tending to the security of processes and technology, it is important not to minimize the importance of the human element of systems. A primary place to start is with the end user, or operator, to improve security. As systems grow and interconnect, the risk of cyberattacks will rise - as will, hopefully, the effectiveness of prevention, response, and recovery. It is important to understand how end-users operate. An evaluation of defined roles is required, as well as making sure end-users understand the importance of securing systems. Education and awareness are crucial.
A possibly overlooked but important step in this was revealed in a “study published in Healthcare Informatics Research [which] showed that 73 percent of healthcare professionals reported using another staff member’s password to access an EHR at work. Fifty-seven percent of those surveyed also estimated they have borrowed someone else’s password an average of 4.75 times.” Continued education will help ensure that the people who use the secure systems are aware of cybersecurity risks.
There are many aspects of cybersecurity to address for organizations- we can help determine where your organizations’ most pressing vulnerabilities are in helping to reduce the risk of falling prey to intruders.