The health care sector should prepare for cybersecurity in 2015, as it's expected to become a huge target. Breaches within the sector can prove even more costly than those afflicting other industries, with HealthITSecurity reporting that such incidents are affected by factors such as HIPAA fines, which can amount to anything from $100 to $50,000 per each violation.
What can health care companies do to prepare for the cyberattack attempts that they are highly likely to face in the new year?
HIPAA and the need for cybersecurity
HIPAA, which stands for the Health Information Protection and Security Act, has required health care companies to put technical safeguards in place to keep sensitive data secure. These types of preemptive actions are necessary because of previous attacks on the health care industry, such as one orchestrated by the group Fin4, which worked to infiltrate pharmaceutical and health care companies in the hope that compromising privileged information would affect the global market.
The New York Times reported that FireEye, a Silicon Valley security company, researched the group and found it was composed of native English speakers based in North America or Western Europe who were experienced in Wall Street jargon. The hacker group crafted unique emails tailored to each victim to facilitate the take over of accounts and acquire sensitive information. The list of victims included top-level executives and legal counsel. The group also compromised company documents.
The danger health care faces
According to a survey by IDC Health Insights, 39 percent of respondents said they had experienced more than 10 cyberattacks in the last year, and 27 percent of those attacks were successful in compromising information. Since hackers have only been getting better in the ways they attack and the technology they have been infiltrating, this percentage will only rise.
"Today's health care organizations are at a greater risk of a cyberattack than ever before, in part because electronic health information is more widely available today than in the nearly 20 years since the Health Insurance Portability and Accountability Act was passed in 1996," IDC Health Insights Research Vice President Lynne Dunbrack said in a statement. "For health care organizations, it's not a matter of whether they are going to be attacked, but when."
Even medical devices and hospital equipment are at risk of being hacked into, and the Department of Homeland Security has been investigating their safety, according to FierceHealthIT. Many health care companies that sell this equipment have no cybersecurity precautions set in place for it, according to The New York Times.
This has definitely affected the way people view cybersecurity in health care, as after FireEye's chief executive David G. Dewalt appeared on "60 Minutes" to discuss cybersecurity in the health care industry, the stock in the company's shares have gone down from $100 a share to $30. Cybersecurity is beginning to be taken seriously by everyone - not just companies working in an industry that is affected by it, but those who are investing in them.
What can the health care industry do
There doesn't seem to be a certain concrete way to implement cybersecurity into any industry, so finding more initiative to research ways to do so should be a top priority. The executives whose inboxes are being targeted should take steps to implement basic cybersecurity methods such as email encryption.
Email encryption alone won't protect something as big as the health care industry, but it is definitely a solid first step. Good cybersecurity takes layers of backup, such as firewalls on top of email encryption and preventative elements for malware and hacker intrusion. If companies do their research and look to secure email providers for information, they can protect the sensitive data in their systems.
David Bailey is Senior Vice President at Protected Trust.
Protected Trust is a sponsor of the Print4Pay Hotel. I urge members and readers to visit their site to see their full line of products and services. More and more we need to provide well rounded strategic solutions for our customers. Protected Trust offers some unique solutions that can help us in our day to day efforts. Check them out here.
Comments (0)