Now that school is back in session, thoughts turn from sunny days of vacation to a more serious, academic mindset. Take advantage of this time to evaluate your progress in the areas that are critical to the survival of your business – most notably, cyber security.
Nearly 100 million health records were stolen in 2015. According to a survey by HIMSS Analytics and Symantec, more than 80% of healthcare organizations spend less than 6% of their IT budgets on security. Not a great way to ensure success.
How do your security efforts stack up? Are you where you need to be? Check out these 4 key data privacy and security issues you'll want to make sure you're acing in 2017:
1. Ransomware
Ransomware might seem like the least of your worries when you hear that it only cost Hollywood Presbyterian $17,000 to have their records restored. That's small potatoes when the average data breach costs about $2.2 million. But don't be fooled. Ransomware is weaponized encryption that poses a significant risk to patient privacy. It has the power to cause complete organizational shut down. If you aren't prepared to defend yourself from this type of attack, your security strategy will suffer.
Thankfully, there are a lot of easy-to-implement measures that will help keep your organization protected. Patch systems aggressively so malware can't infect through known vulnerabilities. Back up all documents in offline storage. Educate staff about unsafe online behavior.
Protecting yourself from ransomware comes down to vigilance. You only need to get caught napping in class once for the safety of your data to be at risk.
2. Critical shortage in the cybersecurity workforce
With cyber threats increasing dramatically, it's no wonder there's an acute skills gap. The Bureau of Labor Statistics predicts that demand for cyber security jobs will grow by 53% over the next two years. If you're feeling the pinch, you aren't alone. The Center for Strategic and International Studies revealed that 82% of study participants reported a shortage of security skills in their organizations.
Your cyber security plan undoubtedly relies heavily on having the right staff in place. While this shortage of qualified help is alarming, there are things you can do to make sure it doesn't compromise your security:
- Keep existing staff by offering training. Money spent on education is well worth it in the long run.
- Attract new talent by offering a competitive salary. Money talks. Expect to pay to hire the best talent.
- Outsource. There are plenty of reliable services you can take advantage of to fill critical functions.
- Fill gaps with technology. Technology, especially solutions that offer real-time monitoring and behavior analysis, is often the best way to prevent cyber-attacks. To proactively address security issues, implement a system that can act as a watch dog for all networks and systems, understanding that activity in the context of what's normal for your organization.
3. Threats to connected medical devices
As the use of connected medical devices accelerates, more security holes are created, increasing the likelihood of a serious security incident that affects patient care. According to Forrester Research, unsecured medical devices are putting hospitals and patients at risk. But whether the security issue is accidental infection from malware or otherwise, the result is degraded device performance and even an interruption of clinical operations. If you aren't prepared for this type of attack, patient lives could be at risk. Insulate your organization by prioritizing existing devices to address the biggest risks first. Implement a critical risk management framework, make sure employees follow common sense security protocols, and making sure to include security requirements in new device requests. By keeping connected devices high on your security radar, you stand a much better chance of passing any surprise security tests of your equipment.
4. Protection at all levels of your organization
The security of your patient data – and possibly even the safety of your patients – are at greater risk than ever before. To keep your organization protected you need a security plan that assesses the organization holistically and applies appropriate security controls throughout. No potential point of vulnerability is too small to consider, right down to work stations that are left unlocked when an employee steps away from their desk.
It's also critical to select the right security solution, because they aren't all created equal. Take, for example, log files. Once the hallmark of a truly secure organization, they've fallen out of favor – and for good reason. While excellent at compiling a list of network activity that can be reviewed after an incident has taken place, log files are useless in stopping a cyber-attack before it happens. A solution that utilizes real-time monitoring and behavior analysis is designed to do just that -- stop attacks before any damage can be done. By observing all network activity and creating profiles of typical activity, it's possible to immediately spot actions that fall outside the norm. Consider an employee who routinely logs in at 9 am, logs out at 5 pm, and views a small number of patient records every day. If that user all of a sudden starts logging in late at night, accessing a high volume of records, you likely have a problem on your hands. Without real time monitoring and behavior analysis in place, you'd never know that suspicious behavior was taking place until it was too late.
Just as with the start of the school year, protecting your organization from growing cyber threats can seem daunting. Being prepared is the key to success, however. Don't wait to study for the test until it's too late! Take the necessary measures you need now, and the rest of the year will be smooth sailing.
Boaz Krelbaum joined Bottomline Technology as the General Manager and CTO of the Cyber Fraud and Risk Management line of business, following an acquisition of Intellinx Ltd by Bottomline. Boaz co-founded Intellinx Ltd. and oversaw the US Operations, including responsibility for strategic alliances. In his role as CTO, Boaz was responsible for Research & Development as well as the directions of Intellinx patented technologies. Boaz has over 20 years of experience in software development of middleware, database products and enterprise applications. Boaz holds a B.Sc. Cum Lauda in Mathematics and Computer Science from Tel-Aviv University, Israel and an LL.B. from the Tel-Aviv University's Faculty of Law. Boaz is also a certified lawyer.
The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.