By INSURICA and Cyberforce|Q
Health care organizations are one of the most prominent targets for cyber-attacks, and the impacts of these attacks can be substantial. In 2021, 50 million health care records were exposed or compromised and the average cost from a data breach in the health care industry was $9.23 million. Additionally, these attacks have sometimes resulted in patient diversions, longer lengths of stay and loss of trust from patients. In a study by Ponemon and Becker’s Hospital Review, 22% of health care organizations reported increased mortality rates from ransomware and 36% noted an increase in complications from medical procedures after a ransomware attack.
With the extensive impact of these attacks, cybersecurity issues are no longer considered simply a technological problem. Because cyber-attacks have the potential to significantly affect an organization’s infrastructure, reputation, supply chain and even patient care, these issues are now considered enterprise-wide risks and overall business problems for organizational and operational functions across the board.
So, how can a health care organization combat these attacks and protect their infrastructure, patients and data? First, it is important to understand the strength of your organization’s security measures. By utilizing cybersecurity frameworks from institutions such as the National Institute of Standards and Technology (NIST) or the Center for Internet Security (CIS) you can develop a knowledge of what security measures you already have implemented and those that can be improved. This will also assist with cyber insurance as it demonstrates cyber preparedness.
Next, you need to ensure you have proactive measures in place to mitigate cyber risk. By having defense measures in place such as continuous monitoring and detection, multi-factor authentication (MFA) and vulnerability scanning, your organization can be better protected against potential threats. If you have completed an assessment through a cybersecurity framework, you will be able to work through your improvement areas and implement various security measures to mitigate risks and continue to strengthen your defenses.
Malicious actors are continuously coming up with new forms of attack to access and damage systems. In addition, many organizations are struggling to implement up-to-date cybersecurity measures in their organizations. It can take time to be sufficiently protected against threats as a lot of time and resources go into implementing these changes. Because of this, you need to have reactive measures in place as well. In the case of a breach, it is important to have reliable cyber insurance so that you can recover from an attack effectively and efficiently. Many insurance providers will assist in different capacities to reduce the overall impact on your organization after an attack.
The cyber landscape is continuously adapting, making it important to stay educated on current trends, best practices and strategies. INSURICA and CyberForce|Q regularly develop educational resources to assist hospitals and health care organizations. Follow these organizations on social media or find more information on their Endorsed Business Partner pages on the THA website.