Today, not the protection of patient health from medical

Today, the risk of cyberattack, the number
of potentially affected organizations, and the damages are at never before seen
levels. Healthcare is a major target, even with HIPAA and privacy laws there
still a major risk and impact on patient care.

Unique Challenges of Cybersecurity in Health Care

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

            Protecting health care data is much
more difficult than in other industries due to the use of special-purpose
computers, and the sharing of information between hospitals and medical

The health care
industry spends much less on security than other industries. In addition the
industry almost completely focuses on the protection of patient health records
and not the protection of patient health from medical devices themselves.

for Profit

            There is lots of money in
cybercrime, and financial gain is the most common motivation. Medical records
are much more valuable than social security numbers and credit cards on the
black market.

has become a popular method of profitability for criminals. When a computer is
infected, that computer is essentially locked. An infected computer can be
ransomed for profit or a network of computers for a greater sum.

points in understanding ransomware attacks are as follows. The attack is only
possible because someone installed malware on one of the organizations
computers. Some malware may communicate with the outside world because of a
mole in the organization, damages include the stealing of passwords or the
interference of radiotherapy. Finally, a ransomware attack breaches HIPAA and
the organization could incur penalties.

 Collateral Damage Costs

cybersecurity problem can harm an organization in many ways. If the breach
includes PHI or PII then there may be fines or penalties. In addition, time and
expense will be very costly due to: Disclosure activities, public relations,
legal counsel, and credit-monitoring services for individuals whose information
was compromised.

Risk-Informed Strategy

money alone will not solve the healthcare security problem. Not all solutions
are suitable for all organizations. Cybersecurity spending should parallel to
the organization’s top risks and proportional to the risk in attempts to get
rid of. Organizations should preform a cyber-risk assessment to determine the
protection they need. These questions should be asked:

·       What
needs to be protected?

·       What
are the relevant threats?

·       What
are the organizations vulnerabilities to the identified threats?

·       What
impact would a realized threat have on the organization?


Security in healthcare is an important challenge, and
meeting that challenge is not guaranteed. However, organizations can greatly
improve their security by properly employing recognized strategies to the
problem. In todays world it is very important for the healthcare finance
leaders to ensure an emphasis on data security.