Today, the risk of cyberattack, the number
of potentially affected organizations, and the damages are at never before seen
levels. Healthcare is a major target, even with HIPAA and privacy laws there
still a major risk and impact on patient care.
Unique Challenges of Cybersecurity in Health Care
Protecting health care data is much
more difficult than in other industries due to the use of special-purpose
computers, and the sharing of information between hospitals and medical
The health care
industry spends much less on security than other industries. In addition the
industry almost completely focuses on the protection of patient health records
and not the protection of patient health from medical devices themselves.
There is lots of money in
cybercrime, and financial gain is the most common motivation. Medical records
are much more valuable than social security numbers and credit cards on the
has become a popular method of profitability for criminals. When a computer is
infected, that computer is essentially locked. An infected computer can be
ransomed for profit or a network of computers for a greater sum.
points in understanding ransomware attacks are as follows. The attack is only
possible because someone installed malware on one of the organizations
computers. Some malware may communicate with the outside world because of a
mole in the organization, damages include the stealing of passwords or the
interference of radiotherapy. Finally, a ransomware attack breaches HIPAA and
the organization could incur penalties.
Collateral Damage Costs
cybersecurity problem can harm an organization in many ways. If the breach
includes PHI or PII then there may be fines or penalties. In addition, time and
expense will be very costly due to: Disclosure activities, public relations,
legal counsel, and credit-monitoring services for individuals whose information
money alone will not solve the healthcare security problem. Not all solutions
are suitable for all organizations. Cybersecurity spending should parallel to
the organization’s top risks and proportional to the risk in attempts to get
rid of. Organizations should preform a cyber-risk assessment to determine the
protection they need. These questions should be asked:
needs to be protected?
are the relevant threats?
are the organizations vulnerabilities to the identified threats?
impact would a realized threat have on the organization?
Security in healthcare is an important challenge, and
meeting that challenge is not guaranteed. However, organizations can greatly
improve their security by properly employing recognized strategies to the
problem. In todays world it is very important for the healthcare finance
leaders to ensure an emphasis on data security.