As technology continues to transform the way healthcare organizations send and receive patient data, cybersecurity can no longer be considered an option. Healthcare data continues to become more digital, making it easier for hackers to get their hands on private health-related information.
"Ten years ago, we probably wouldn't even be here because there was no cyberthreat for hospitals or healthcare," said Denise Anderson, the President of the National Health Information Sharing and Analysis Center, according to Healthcare IT News.
In 2015, healthcare data breaches were the most reported incidents when it came to data security.
"But now, because of the electronic medical records, the internet and connectivity, things that we think are good because they create efficiency have also created an attack surface for the bad actors to come after and we're seeing that now."
In 2015, healthcare data breaches were the most reported incidents when it came to data security. Still, many healthcare organizations are taking a reactive approach to the issue of cybersecurity rather than a proactive one. A number of healthcare organizations are waiting until a major breach takes place before they begin implementing methods of cybersecurity.
If healthcare organizations continue with this passive approach, data loss will only continue to increase.
Keeping track of how data enters and flows through any healthcare organization can be difficult, making proper protection even more necessary. Hackers began to set their sights on healthcare organizations somewhere around 2012, and as time passes their tactics are only becoming more advanced, putting massive amounts of patient data at risk.
According to a study conducted by the Ponemon Institute, some healthcare organizations are experiencing at least one hacking incident per month over the previous 12 months. As part of the study, 535 IT security professionals working for government, private and public healthcare organizations were surveyed, and it was found that attackers have been focusing mostly on software vulnerabilities, particularly ones that are older than three months.
"From the criminal’s perspective, the beauty of these attacks is that they are relatively low-risk with a big potential to make plenty of money by using elegantly simple tactics," said Secure Ideas CEO Kevin Johnson, according to Healthcare IT News.
"As much as I'd like to say it's cool and magic, it’s really not. It's basic IT cleanliness," Johnson told Healthcare IT News. "And IT cleanliness is not ingrained in healthcare."
The number of devices that are connected to a network can also effect the amount of risk and vulnerability an organization could be facing.
For example, hospitals usually have a large number of devices connected to their network at any given time, and a number of these devices tend to be older, which means they probably weren’t built with proper protection.
"I've heard tales of like 20,000 devices that are connected to the internet and to the network. That's a huge load of devices with different infrastructures, different operating systems that people need to manage," Anderson said in an article for Healthcare IT News.
And this doesn’t account for the devices that employees or patients are using, which are usually not as protected as they should be.
"One of the things we've seen as a big problem in healthcare is just the basic loss or theft of portable devices. Laptops, phones, portable thumb drives. So encryption is going to play well in that space, which protects you from having to declare a data breach after you've lost control of a device. At least if you've got it encrypted you don't have to worry as much about the data," said Suzanne Widup, senior analyst of healthcare cybersecurity for Verizon, according to Healthcare IT News.
Some experts have said that employees can be the greatest vulnerability for any healthcare organization when it comes to cybersecurity. However, ramping up on education and employee training are both effective and affordable ways to rid a workplace of these bad habits that are putting patient data at risk.
In the event of a data breach, not only do healthcare organizations stand to potentially lose massive amounts of data and money, but they are also likely to lose the trust of their patients.
"It's the ultimate high stakes game because at some point if the trust breaks down between patients and clinicians such that people are afraid to share health information and withhold it instead because they don’t trust providers, that’s only going to escalate," said the CEO of application security specialist FairWarning Kurt Long, according to Healthcare IT News. "This is a battle we have to win."
As cybersecurity threats continue to rise for healthcare organizations, so will the need for cybersecurity professionals. According to a Modern Healthcare article, cybersecurity jobs are up 91% since 2010. The U.S. Bureau of Labor Statistics is also predicting an 18% growth in the field of information security from 2014 to 2024.
Most jobs in cybersecurity require at least a bachelor's degree, but anyone aspiring to be in a management or supervisory position should know that experience and higher education will most likely be required. Here is a list of jobs to look for within the field of cybersecurity:
While working as a cybersecurity professional, employees will be expected to perform tests on data processing systems, add new software to security files and keep virus protection systems up to date. Keeping other system users informed of programming changes and security violations is also an important part of the job.