Protected Health Information Remains Prime Target For Hackers
Healthcare providers require top cybersecurity defenses from vendors. A single breach can expose thousands of sensitive and privileged patient records.
The healthcare industry electronically stores some of the most sensitive personal data, and that makes the industry a primary target for hackers. And while organizations such as hospitals, outpatient clinics, and others at the center of the industry generally conduct secure due diligence, the healthcare supply chain has significant gaps. That’s why healthcare outfits need to go further than ever before to ensure privileged information stays out of the hands of cybercriminals.
How Vulnerable is Healthcare Data?
Heading deeper into 2020, the healthcare sector would be wise to take a page from the U.S. Department of Defense (DoD) playbook on how to secure supply chain data. The federal government is proactively implementing heightened cybersecurity measures and requiring industry-wide compliance. Called the Cybersecurity Maturity Model Certification, this policy goes beyond high-level government contractor cybersecurity and brings supply chain outfits to the table.
The reasoning behind this national security strategy is that digital bandits can go after weak third-party companies and leverage seemingly low-level data. This problem is reflected in other industries, including healthcare. These are essential things to consider about confidential healthcare information.
Upwards of 43 percent of third-party outfits can access Protected Health Information
During the last two years, 54 percent suffered a data-related breach
Less than half of outfits surveyed stated they would promptly contact that healthcare provider following a breach
Although healthcare supply chain businesses reportedly spend approximately $2.5 million each year reviewing risk exposure, healthcare providers are not consistently holding their feet to the cybersecurity fire.
According to a Ponemon Institute and Censinet study, “Many of the vendor respondents believe that healthcare providers do not fully embrace risk assessments to measure and manage third-party risk accurately. For example, nearly half (41 percent) of healthcare vendor respondents said that providers do not require any action to be taken if they discovered gaps in vendors’ privacy and security practices and policies, and 42 percent say that providers do not require proof that the vendor complies with privacy and data protection regulations.”
Massive Health Information Breach Highlights Vulnerability
While the federal government is currently requiring DoD-sector outfits to meet enhanced security protocols, healthcare organizations are falling behind such trends. It may seem difficult to imagine, but in 2019 a single breach of the healthcare billing outfit known as Quest Diagnostics and LabCorp reportedly exposed nearly 20 million sensitive patient records.
The Ponemon Institute and Censinet study also points out that this is not an isolated incident, as the average breach costs companies about $2.75 and reveals almost 10,000 patient records. That’s why the healthcare sector must press forward and require updated supply chain defenses and risk assessment, among other improvements.
“Healthcare vendors and providers must move from simply checking a box to changing the culture,” Censinet CEO Ed Gaudet reportedly said. “This is an industry-wide problem, and as such, we need a new, collaborative approach that makes it easy for healthcare vendors and providers to band together and take action, implementing policies, procedures, and controls that reduce risk holistically.”
What Healthcare Businesses Can Do To Stay Ahead
Like the DoD, leading healthcare organizations are tasked with requiring cybersecurity compliance throughout the supply chain. When providers outsource aspects such as billing, crucial data must be secured with the same protocols a frontline hospital would practice. These are necessary IT cybersecurity practices worth upgrading.
Electronic Communication Protections
Data Loss Prevention Strategies
Risk Management & Data Loss Strategies
Breach Response Policy
Medical Device Cybersecurity
One of the reasons that the healthcare sector continues to be a primary target for cybercriminals is the lack of investment by supply chain outfits. It’s not uncommon for such operations to spend as little as 10 percent of the overall IT budget on cybersecurity. Given the consequences of a critical breach, data protection ought to rank among the highest priorities. Decision-makers are either going to bring in third-party IT cybersecurity experts to shore up industry-wide defenses or continue to be the low-hanging fruit for hackers to pluck.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.