Meditology’s New White Paper Affirms Perfect Cyber Storm Striking Healthcare Organizations at Critical Juncture
ATLANTA – July 11, 2017 – In the wake of May’s worldwide WannaCry ransomware attack, emerging trends have created the perfect cyber storm striking unprepared healthcare organizations. Data proliferation, the fact that only one of every four business associates (BAs) possesses a security certification, an escalating cyber security skill shortage and risky medical devices are among the latest trends revealed in Meditology Services LLC’s second annual white paper titled “State of Healthcare Security and Privacy.”
The white paper outlines the emerging developments – several already a familiar pattern – healthcare entities should consider in building and deploying cyber protection programs. The research is based on Meditology’s combined forecasts and examinations of healthcare companies and provider clients confronting cyber security challenges. Meditology is a professional services company specializing in information security for healthcare organizations.
The white paper can be downloaded here.
The sheer volume of protected health information (PHI) processed, stored or transmitted across multiple platforms makes healthcare provider organizations an even greater target for cyber attackers. The U.S. Department of Health and Human Services (HHS) reported 106 hacking incidents in 2016, nearly double the year before and over 20 times more attacks than were discovered in 2010.
“Healthcare organizations have finite resources and budget constraints,” said Brian Selfridge, IT Risk Management Partner at Meditology Services. “Since attackers are intent on obtaining patient information and other sensitive data for financial gain, providers must remain vigilant. Security and privacy threats will continually shape healthcare delivery and operations over the next several years.”
Third party breaches are rising
Referencing a recent report from CORL Technologies, Meditology’s sister company focused on healthcare vendor security risk management, Selfridge noted that third party providers have yet to be effective in adequately protecting PHI to comply with regulatory and risk management standards. Equally alarming is that only 26 percent of outsourced service BAs retain a security certification (HITRUST, SOC 2 Type 2, ISO 27001, and FedRAMP). “That’s one in four business associates, which is great cause for worry,” he said.
Shortage of cybersecurity skills persists
Cyber security professionals remain in high demand. The healthcare industry suffers from a deficit of experienced personnel trained in the clinical and regulatory environment from a security perspective. Healthcare leaders are also grappling with the challenge of recruiting and retaining skilled security talent while competing with other high paying industries for sought-after cyber security skills.
Ransomware and medical devices are a lethal combination
Ransomware continues to pose a significant and growing threat. The healthcare industry is disproportionately affected by ransomware – and not just from the effects of lost productivity and the financial costs associated with response and recovery activities. Hospital and health system leaders worry about the potential impact on disruption of patient care. Additionally, medical devices are opening the door to a trove of PHI and regulated data. Security incidents, including ransomware, related to networked devices have the potential to impact patient safety and do meaningful harm to patients.
Selfridge stressed the importance of being prepared for the more vicious cyberattacks predicted to come. “Healthcare organizations should certainly widen focus from breach prevention to include effective breach response capabilities,” he said.