In January, there were almost as many cybersecurity breaches in healthcare as there were days. Providers, health plans and their associates reported 29 breaches affecting about 438,000 patients to the federal government in the first month of 2020, according to data reported by the U. S. Department of Health and Human Services Office for Civil Rights. The largest single breach in 2019 exposed 11.5 million patients’ data. 

Across all industries, system glitches and human error account for 25 percent and 24 percent of breaches, respectively, but the majority—51 percent—are caused by malicious software attacks (malware), according to the IBM-sponsored 2019 Cost of Data Breach Report. In healthcare, ransomware accounts for more than 70 percent of malware, Verizon reports. 

The healthcare industry is a top target for cyber attacks in general and ransomware in particular because patient data is far more valuable than basic identity information. To give an example of its worth, medical histories can be sold and used to bill for fake services and collect from Medicare. Moreover, because of the disruption to patient care, healthcare providers are more likely to pay a ransom to cyber attackers to unencrypt their files.

To better protect themselves against cyber attacks, healthcare organizations must stop thinking about cyber security as an IT issue. Instead, treat attacks as a matter of organizational risk, with patient safety and care quality at stake. According to a 2019 IBM-sponsored study conducted by the Ponemon Institute, it takes an average of 279 days (across all industries) to contain a cyber attack. In the aftermath of an attack, electronic health records and internet-connected medical devices can go down, so patients must be diverted to other facilities.

As with a virus, new variants of malware evolve even as IT specialists hone in on how to protect against the original threat. So what is a healthcare provider to do? Here are a few tips to help increase security.

• Prepare for a breach.
• • Educate employees and the board about secure computing and how to avoid being tricked by a hacker. 
  • Make sure your organization has offline backups and patch systems regularly.
  • Segment sensitive information, such as patient data, to limit malware’s ability to spread.

• Detect breaches through vigilance.
  • Leverage tools like Security Incident Event Monitoring (SIEM) to detect network intrusions more quickly.
  • Conduct regular vulnerability scans and penetration tests while understanding the limits of the technology.
  • Monitor reports from the security team for odd or suspicious activity.

• Respond according to protocol.
• • Have an incident response team, an emergency response plan and a communication plan in place.
  • Disconnect network and subnet internet circuits. Power down servers and any machines suspected of infection.
  • Move to disaster or downtime procedures and determine if external reporting is required.
    
    
• Learn from the event.
• • After a security breach, conduct a root cause analysis and evaluate what worked and what needs to be corrected or updated.
  • Be transparent with the internal team and discuss findings with the board.
  • Update processes, technology, and employee education based on what you learn.

It’s important for healthcare providers to stay safe from malware in general and guard against specific strains of malware. Many healthcare organizations work with outside consultants like CHC to help manage network security. CHC assists with external security audits and risk assessments, provides monitoring services, and helps providers mend any security gaps and strengthen overall preparedness and response readiness. 

By Brian Doerr, SVP Information Technology & Security and Privacy Officer March 10, 2020 Technology & Security