Over the last 40 years, Ambulatory Surgical Centers (ASCs) have become a model for surgical services by providing high-quality, low-cost health care.

By breaking away from hospitals and developing ASCs, physicians were able to sidestep a number of issues such as scheduling delays, the limited availability of operating rooms and hospital red tape that often made obtaining new and specialized medical equipment a struggle.

However, there is one major issue plaguing hospitals that ASCs have not been able to escape, and to which they may be even more vulnerable: the threat of a devastating cyber attack.


Big Business In Stolen Medical Records

In an industry like healthcare, cybersecurity is particularly important. Providers are entrusted with the personal information of their patients, including everything from Social Security numbers to credit card numbers to medical history.

According to Aite Group, stolen medical information can be sold on the black market for more than 100 times the value of credit card information. This information can then be used to purchase medical equipment or drugs to resell, or even used to match patient numbers with false providers to file fraudulent payer claims.


With stolen medical information fetching such a high price, it isn’t surprising to learn that, according to KPMG, 81 percent of healthcare providers in the United States experienced a cyber attack during 2014/2015. KPMG also found that healthcare providers are often woefully unprepared for modern cyber threats. Only 53 percent of providers and 66 percent of payers believe they have sufficient defenses to fend off a cyber attack.

And while hackers receive the bulk of bad press when it comes to data theft and cybersecurity, the reality is that most data breaches stem from the behavior of an organization’s own employees. A Forrester study shows that the majority of data breaches, 61%, start with negligent or malicious employees. Negligent employees (e.g., an employee replying to a phishing scam) account for 36% of those breaches.


Unfortunately, ASCs aren’t immune to any of these threats. In fact, Nelson Gomes, Group President and CEO of PriorityOne Group, believes that hackers could specifically target ASCs because their systems are easier to attack than those of larger hospital systems. Gomes adds that because ASCs might not find the issue right away, hackers would be given additional time to copy and transfer large amounts of data out of ASCs’ systems.


How Can ASCs Protect Their Data?

Following are potential risks and concerns for ASCs to consider:


Encrypt Your Data at the Data Level

Firewalls aren’t enough. While they do offer some protection against possible outsider threats, if hackers are able to break through the firewall, they will have access to all the information inside of your organization. Additionally, firewalls do not protect your information from the threats inside your organization, such as negligent or malicious employees, who have permission to access your organization’s data. And what happens to any data you send outside of your organization? It is completely unprotected. By securing data at the data level, each and every individual file is protected, even when it travels outside of your organization and across domains. If a hacker is able to break through your organization’s perimeter defenses, they will be met with nothing but individually encrypted files, which cannot be read without the encryption keys.

Zero-Knowledge Privacy

It is important to work with a cybersecurity provider that offers zero-knowledge privacy. This means the cybersecurity provider is never able to view your data, since the encryption keys always remain with your organization. Your organization’s data is always encrypted on your device and only you keep the encryption keys. Many cybersecurity providers will store your organization’s encryption keys, meaning they then have access to all of your organization’s data.

Identity Management

It is important to know that the individuals accessing your data are who they say they are. Invest in a multi-factor identity management system so that users must enter two or more credentials in order to access data. Those credentials could include a passphrase along with biometric verification or a security token such as a proximity card.

Data Monitoring and Audit Trails

It is important to have your data monitored both on your network and in the Cloud so that you can be immediately alerted to any suspicious activity and take action. Additionally, tamper-proof audit trails will allow you to see how your team is accessing and utilizing your organization’s data.
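The sketch below is an added example, not code from the original article or any vendor product: it shows one common way to make an audit trail tamper-evident by chaining each entry's HMAC to the previous one. The event field names, the demo key, and the idea of recording the chain length and head MAC on a separate system are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as "previous MAC" for the first entry

def _mac(key: bytes, prev: str, record: dict) -> str:
    # The MAC covers the previous entry's MAC, so an entry cannot be edited,
    # reordered or removed from the middle without breaking every later link.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()

def append(log: list, key: bytes, record: dict) -> None:
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"record": record, "mac": _mac(key, prev, record)})

def verify(log: list, key: bytes, expected_len: int, expected_head: str):
    """Return (ok, index_of_first_bad_entry_or_None)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if not hmac.compare_digest(entry["mac"], _mac(key, prev, entry["record"])):
            return False, i
        prev = entry["mac"]
    # Dropping entries from the tail leaves a valid chain; catch that by
    # comparing against the length and head MAC recorded out of band.
    if len(log) != expected_len or not hmac.compare_digest(prev, expected_head):
        return False, len(log)
    return True, None

def demo():
    key = b"constructed-demo-key"  # assumption: real key is kept off the log host
    log = []
    # Constructed sample events; field names are hypothetical.
    append(log, key, {"ts": "09:12:00", "user": "nurse01", "action": "read", "file": "chart-1001"})
    append(log, key, {"ts": "09:14:30", "user": "billing02", "action": "export", "file": "chart-1001"})
    append(log, key, {"ts": "09:20:10", "user": "nurse01", "action": "read", "file": "chart-1002"})
    n, head = len(log), log[-1]["mac"]
    clean = verify(log, key, n, head)
    log[1]["record"]["action"] = "read"      # an insider rewrites the export
    edited = verify(log, key, n, head)
    log[1]["record"]["action"] = "export"    # restore, then drop the last entry
    truncated = verify(log[:2], key, n, head)
    return clean, edited, truncated

if __name__ == "__main__":
    print(demo())
```

Anyone who holds the MAC key can still rewrite the whole chain, so the key and the recorded head value need to sit outside the reach of the users being audited.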

Access Control

Your organization must be able to limit or cut user access immediately in case of suspicious user behavior. Additionally, this feature will make it possible for your organization to eliminate all access to data for former employees as soon as they leave.

BYOD Device Security

All endpoints must be protected. If even a single device connected to the network or server is missed, this could create a vulnerability. It is only becoming more common for employees to use their own devices (smartphones) to conduct business. Make sure these devices are also well protected.

Ransomware Protection

Between ransomware and email spoofing, hackers are using increasingly sophisticated methods in their attacks. Make sure your organization has protection along with a reliable and properly configured backup system that is built to meet your organization’s specific needs.

Security Software Updates are Critical

Hackers are constantly evolving and refining their tactics. Cybersecurity software must undergo regular updates in order to keep defenses strong.

If you are looking to secure your organization’s data and connected devices while gaining protection against ransomware, phishing attacks and insider threats, contact us today.