With cyber attacks bombarding the healthcare industry, it is no surprise that organizations are scrambling to find cover.
Recently, Becker’s Hospital Review interviewed four experts to report on the most significant threats facing hospitals today. Considering the ever-increasing size and scope of recent data breaches experienced by various healthcare providers, it is understandable that three of the four experts interviewed pegged the lack of healthcare cybersecurity as the top concern.
From Becker’s Hospital Review:
Clint Matthews – President and CEO of Reading Health System (West Reading, PA)
“The shift to a value-based environment, combined with population health and managing a continuum of care, mandates that we provide the right care, at the right place, at the right time.”
Dave Schuette – Executive Vice President and President of the Enterprise Business Unit of Synchronoss, a managed mobility solutions company (Bridgewater, NJ)
“A 2015 study published in the Journal of Hospital Librarianship estimated that 85 percent of healthcare professionals were bringing their own devices to work to utilize the company IT network and software. No matter who owns the device, the hospital or practice is responsible for the data on it and how it’s used. If there’s a liability, the hospital or practice is unfortunately accountable. The financial ramifications alone give hospital executives pause given HIPAA regulations place tighter controls over protected health information with a hefty penalty of $1.5 million per data breach per incident. Additionally, data breaches involving lost or stolen smartphones and tablets that contain patient data would require the notification of each patient involved, a costly and labor-intensive task.”
David Sholkovitz – Marketing Director of Cambridge Sound Management, developer of the QT Technology for sound masking (Waltham, MA)
“In today’s medical offices, protecting patient privacy is critical and is enforced via strict HIPAA privacy regulations.”
Daniel Cotter – Attorney at Butler Rubin Saltarelli & Boyd (Chicago, IL)
“Cybersecurity is the biggest threat currently facing hospitals.”
Just how big is the problem?
In the last four weeks alone, healthcare organizations reported 16 security violations, the majority of which revolved around the lack of healthcare cybersecurity.
Following are the five largest of the 16 security violations compiled by Becker’s Health IT & CIO Review:
Keck Medicine, Los Angeles, CA
The University of Southern California’s Keck and Norris Hospitals reported that they were the victims of a ransomware attack that encrypted data on the hospitals’ servers. The attack left employees unable to access files, some of which contained sensitive information such as names, demographic information and birth dates, along with treatment and diagnosis information for some patients and, in some instances, Social Security numbers.
Codman Square Health Center, Dorchester, MA
An individual accessed a health information exchange without authorization and against the organization’s policies. The exchange contained names, addresses, birth dates, gender, medical services payer information and medical insurance coverage information. For some, but not all individuals, Social Security numbers may have been accessed.
World Anti-Doping Agency Database
The World Anti-Doping Agency revealed that Russian government hackers (the same hackers responsible for the recent DNC data leak) broke into a database containing drug-test results and confidential medical information from the Rio de Janeiro Olympics. Well-known athletes impacted by the data leak include Venus and Serena Williams, Simone Biles and Elena Delle Donne.
Saint Francis Health System, Tulsa, OK
The hospital experienced unauthorized external access of a server. This led to the extraction of patient information and the hospital receiving an anonymous demand for payment in order to recover the information. The hospital made the decision not to act on the demand because, according to a statement from Saint Francis, “payment does not guarantee or prevent data from being disclosed.”
Geisinger Health Plan, Danville, PA
Geisinger Health Plan notified members that some of their Protected Health Information (PHI) had been disclosed in an unauthorized manner. A processing error resulted in a limited amount of member PHI being mistakenly mailed to private citizens.
Solving The Lack Of Healthcare Cybersecurity
Today’s security solutions function as an add-on that’s bolted onto an organization’s network, and unfortunately it shows. In reality, all other security systems are only treating the symptoms. The actual root cause for data leakage is the underlying architecture, which does NOT have security built in.
Mice 360 offers the only platform that eliminates the root cause by fixing the underlying architecture. The Mice 360 cybersecurity platform integrates security at the data level, so that data is secure at all times.
In fact, the Mice 360 solution prevents all three of the top reasons cited for data breaches:
- Weak Password Credentials, which get hacked through brute force (dictionary attacks).
- Stolen Password Credentials; for example, having a complex password but then reusing it across numerous disparate systems, such as using your work password for all of your social media sites.
- Being taken in by social hacking or phishing scams, resulting in loss of credentials or direct loss of data through the installation of back doors.
Deliberate data misuse or theft by authorized insiders, both employees and vendors.
Ransomware attacks leading to extortion, data destruction, data theft or all three.