Cybersecurity

4 reasons to increase hospital cyber security budget

By Veriato Team

In the medical community, the patient is paramount. There are countless methods employed to treat people and protect their health. But when it comes to their patients’ safety, most hospitals need a higher dosage of cyber security.

Currently, health organizations are allocating less than half of what other industries budget for Information Security. This is no longer sufficient for a field with such high-value assets, and many factors play into the need for increased cyber security in the medical arena.

  1. Evolving healthcare technologies: Just in the last decade, health records have gone from mostly paper to totally electronic – and the digitization is continuing. Now employees access patient data via mobile devices and remote networks. Data sharing and cloud storage are necessities. Additionally, many medical devices themselves are now internet-enabled and some providers are embracing wearable tech for patients. Precision medicine, an emerging approach that customizes treatment based on patient-specific factors, also relies on the Internet of Things, and generates more sensitive data. As digital treatments, methods, and devices become more widespread, the opportunities for cyber attacks also increase. The AHA suggests that organizations put a scalable security plan in place now that can grow and adapt with the changing landscape.
  2. Increase in threats: With more online data, come more cyber threats. In 2015, around 100 million health care records were stolen. In 2016, organizations experienced on average one cyber attack per month. The value of EHRs has increased on the black market, enticing more cyber criminals. Organized crime rings target information systems to steal and sell specific information (social security numbers, billing info) or entire EHRs. Political groups and hacktivists seek to expose high-profile patient data to embarrass or discredit their enemies. Nation-state attackers try to seize groups of EHRs for mass exploitation of people. Even your own employees are security risks – from malicious insiders to those uneducated about cyber security best practices. The threats to patient data are diverse, dangerous, and escalating.
  3. Costly consequences: The Poneman Institute reports that the average cost of a data breach for healthcare organizations is estimated to be more than $2.2 million. In another study, 37% of respondents reported a DDoS (distributed denial of service) attack that disrupted operations about every four months, totaling an average of $1.32 million in damage per year. In addition to huge monetary penalties, data breaches hurt organizations’ reputations, which can have ripple effects in business. Intellectual property such as research findings and clinical trial information can also be stolen and sold, negating years of work and monetary investment.
  4. Physical risk: A medical facility exists to help people heal. Even though cyber attacks are online, they can cause physical damage.  In a Poneman Institute study, 46% of respondents said their organization experienced an APT network attack that caused a need to halt services. This shutdown can seriously impact the treatment of patients. Additionally, attacks using Ransomware are on the rise, in which hackers make a network inaccessible until the organization pays a ransom, usually in Bitcoin to make it untraceable. In the meantime, health care records can’t be accessed, meaning treatment may be delayed – resulting in health consequences or even death (and lawsuits). In this day and age, protecting patients means protecting your network. As Theresa Meadows, CIO of Cook Children’s Hospital, said in an interview for NPR: “The last thing anybody wants to happen in their organization is have all their heart monitors disabled or all of their IV pumps that provide medication to a patient disabled.”

Hospital organizations always put the patient first. An important – and undervalued – way to do that is to give cyber security the priority it deserves.

How to Rebrand
“Bossware”at Your
Company

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida. Risus

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Employee Monitoring Resources

The Myths and Truths of Employee Monitoring

The Myths and Truths of Employee Monitoring

Early in the pandemic, searches related to “how to monitor employees working from home” increased by 1,705%. Without the oversight of managers in an office setting, many companies are concerned that their employees are less productive, and that there is an increase...

When To be Suspicious About Work-From-Home Employees (or Not)

When To be Suspicious About Work-From-Home Employees (or Not)

Perhaps someone doesn’t answer a Slack message as quickly as they should, or they have long hours blocked on their calendar. Maybe someone doesn’t seem motivated during team meetings or they are slow to complete work. While research has shown that overall,...

Avoid These Employee Monitoring Blunders

Avoid These Employee Monitoring Blunders

In September 2021, 45% of full-time employees were still working remotely, and the trend is hard to reverse. People like the freedom of working from home. Without a commute, they save time. Without a boss looming in the background, they can multi-task at home. And,...