Cybercriminals Target Healthcare Organizations, Patients, and Communities
Healthcare cybersecurity matters more now than ever. Not only are cyberattacks on the rise, but they have also become increasingly sophisticated. Cybercriminals are launching attacks with greater precision and confidence, and unfortunately, the healthcare sector has become their venue of choice. Healthcare is a desirable, highly profitable, and vulnerable target for hackers. No wonder cybercriminals favor targeting larger healthcare organizations with multiple facilities and service lines.
In addition to exposing sensitive financial and personal health information, cyberattacks can directly compromise patient care quality and safety by causing disruptions that delay procedures, shutting down diagnostic systems, causing ambulance diversions, and more. Internet-based tools critical to patient care, like patient health records, test results, the ability to communicate with other departments, and outside support systems, are suddenly unavailable. As a result, the system and the patients and communities served are exposed to significant harm. An increase in morbidity and mortality can result from such an event, and the community and regional healthcare response and delivery systems are likely to be compromised as well. You may like to read our blog posts on the Kaiser Permanente data breach and the Universal Health Services ransomware attack.
To mitigate these consequences, healthcare organizations should implement robust cybersecurity measures and practices, such as conducting risk assessments, updating software and systems, training staff, encrypting data, and backing up data. However, this might be easier said than done as many obstacles confront this complex and vulnerable sector as it struggles to strengthen its cyber posture. These include resources, staff, training, and awareness, among other challenges to maintaining a cyber-secure environment.
Cybersecurity is not only a technical issue but also a strategic one that affects the entire healthcare entity and must be championed by the C-Suite and its Board of Directors. Board members focus on the mission and the use of assets and have the authority to change unprofitable practices. They have a fiduciary duty to oversee their organization’s cybersecurity posture and ensure readiness to respond to cyber threats. In supporting the cybersecurity strategy, boards can help protect the confidentiality, integrity, and availability of patient data, as well as their organization’s reputation, trust, and financial stability.
Here are some ideas to consider implementing to get the most from these talented stewards of your healthcare organization. By doing so, the Board of Directors can demonstrate its leadership and commitment to cybersecurity excellence. They can inspire confidence and trust among the system’s patients, employees, partners, regulators, and investors.
– Adjust board composition to include directors with both business and cyber experience.
– Establish a cybersecurity committee or designate a board member to lead cybersecurity oversight.
– Understand the current cyber landscape and the best practices for cybersecurity governance.
– Support a culture of cybersecurity that involves all levels of the organization, from management to frontline staff.
– Administration and information technology content experts will sometimes have differing perspectives. It is important to bridge this divide with effective and strategic communication to overcome any disconnect that might create barriers to cybersecurity progress.
– Review and approve the cybersecurity strategy, policies, and budget.
– Monitor and evaluate the cybersecurity performance and risk management of their organization.
– Participate in cybersecurity exercises and simulations to enhance preparedness and resilience.
– Collaborate with external stakeholders, such as government agencies, industry associations, vendors, and other healthcare organizations, to share information, best practices, and resources on cybersecurity issues.
Cybersecurity is an ongoing journey that requires constant vigilance and adaptation. The board and its individual members are in a unique position to shape the future of healthcare cybersecurity and ensure that their organizations are resilient and ready for any cyber challenges.