The digitalization of healthcare communication has greatly impacted how healthcare professionals use medical devices, perform patient care, and conduct internal operations. Electronic health record (EHR) mandates and widespread adoption of mobile devices has accelerated at such a rapid pace, healthcare cybersecurity companies are making mistakes that are inviting malicious hackers inside. Unfortunately, the healthcare industry has developed a negative reputation due to frequent data breaches, ransomware attacks, and security threats. It is time to revive the industry and get it on a path to a healthy recovery.
Healthcare Cybersecurity Statistics
- More than 300 reported data breaches
- More than 16 million Americans impacted
- 62% of healthcare organizations have experienced a breach in past 12 months
Causes for these attacks like unencrypted, lost and stolen devices, outdated systems, and sheer lack of cyber professional personnel contribute to the health care industry’s demise. It allows cybercriminals to steal financial and billing information from hospitals, patient records, and even bank account numbers.
The following organizations have fallen victim to attacks. Their suffering gives us a glimpse into the severity of healthcare cybersecurity threats. It also sheds light on how healthcare cybersecurity spending can be re-directed to support cyber teams so they can better prevent an attack of their own.
- SSM Health in St. Louis : A former call center employee accessed 29,000 patient records including demographics and clinical information. The former employee did not have access to financial information, according to the statement.
- 21st Century Oncology of Fort Myers, FL : An unauthorized third party gained access to a company database, putting 2.2 million individuals at risk. Data stolen may have included patient names, social security numbers, physician names, diagnosis and treatment information, and insurance information.
- UNC Dermatology and Skin Cancer Center : A stolen computer contained roughly 24,000 patients with records detailing names, addresses, phone numbers, birthdates, Social Security numbers, employment status, and employer names.
- Sinai Health System in Chicago : A phishing scam affected approximately 11,350 people of the seven-member hospital system. The investigation reported no financial information was compromised but patient information may have been compromised.
- Henry Ford in Michigan : A cybercriminal accessed email credentials from a group of employees to view and steal the data of 18,470 patients. While the email accounts were password protected and encrypted, the hacker accessed patient names, dates of birth, medical record numbers, provider names, dates of service, health insurer, medical conditions and locations.
There is good news, however. These threats can be mitigated with the right “medicine.” How?
Stopping Healthcare Cybersecurity Threats
Cybersecurity starts and ends with humans. It is the people controlling the use and deployment of technologies who have the ultimate power to create a secure cyber environment. Therefore, we advocate for a “data privacy first” mentality that places people at the center of cybersecurity in the healthcare industry.
Cyber teams can engage in persistent learning and skill-building opportunities to learn how best to protect patients and minimize security risk and identity theft. Protected health information and patient security is of utmost importance to healthcare cybersecurity so if cyber professionals and non-cyber professionals like understand how to improve data security, patients and the facilities that house them will be better protected.