Today, the risk of cyberattack, the numberof potentially affected organizations, and the damages are at never before seenlevels. Healthcare is a major target, even with HIPAA and privacy laws therestill a major risk and impact on patient care.
TheUnique Challenges of Cybersecurity in Health Care Protecting health care data is muchmore difficult than in other industries due to the use of special-purposecomputers, and the sharing of information between hospitals and medicalpractices.The health careindustry spends much less on security than other industries. In addition theindustry almost completely focuses on the protection of patient health recordsand not the protection of patient health from medical devices themselves.Attacksfor Profit There is lots of money incybercrime, and financial gain is the most common motivation. Medical recordsare much more valuable than social security numbers and credit cards on theblack market. Ransomwarehas become a popular method of profitability for criminals. When a computer isinfected, that computer is essentially locked. An infected computer can beransomed for profit or a network of computers for a greater sum.
Importantpoints in understanding ransomware attacks are as follows. The attack is onlypossible because someone installed malware on one of the organizationscomputers. Some malware may communicate with the outside world because of amole in the organization, damages include the stealing of passwords or theinterference of radiotherapy. Finally, a ransomware attack breaches HIPAA andthe organization could incur penalties. Collateral Damage Costs Acybersecurity problem can harm an organization in many ways. If the breachincludes PHI or PII then there may be fines or penalties. In addition, time andexpense will be very costly due to: Disclosure activities, public relations,legal counsel, and credit-monitoring services for individuals whose informationwas compromised.
ARisk-Informed Strategy Moremoney alone will not solve the healthcare security problem. Not all solutionsare suitable for all organizations. Cybersecurity spending should parallel tothe organization’s top risks and proportional to the risk in attempts to getrid of. Organizations should preform a cyber-risk assessment to determine theprotection they need. These questions should be asked:· Whatneeds to be protected?· Whatare the relevant threats?· Whatare the organizations vulnerabilities to the identified threats?· Whatimpact would a realized threat have on the organization?ConclusionSecurity in healthcare is an important challenge, andmeeting that challenge is not guaranteed.
However, organizations can greatlyimprove their security by properly employing recognized strategies to theproblem. In todays world it is very important for the healthcare financeleaders to ensure an emphasis on data security.