Cyber security issues in 2018 were no different than in the past with the exception of frequency. Positive Technologies, a global digital security firm founded in 2002, says 2018 was actually more a sign of the times, with cyber-attacks increasing 32% in the first quarter of the year and 47% in the second compared to the same times in 2017. Hackers are becoming more sophisticated and increasingly successful.
Historically, the most significant data breach was of Equifax in September 2017 which left 147 million Americans facing the potential lifelong threat of identity theft. Several breaches in 2018 were among the largest thus far. Most recently Marriott’s Starwood Properties database was hacked involving up to 500 million people. Other large breaches include Yahoo, Dunkin’ Donuts, Under Armour and Hudson’s Bay, the parent company of Lord & Taylor and Saks Fifth Avenue.
Healthcare Under Cyber Attack
The 2016 IBM Cyber Security Index actually showed healthcare as the most attacked industry. Cyber security may be more important to clients because of identity theft. Criminals can sell information on the black market for Medicare fraud and other financial gains. Blue Cross of Michigan reported a second breach in December 2018 affecting 15,000 clients and Choice Rehabilitation Centers reported an attack affecting 4300 patients.
Hospitals typically spend 64% more to repair a breach than on their advertising budgets for the 2 years following an attack. The Health IT Department of the Federal Government has published an online cyber security training resource to aid individuals and hospitals in the efforts to defend their network. The list below includes helpful best practices for both institutions and private individuals.
Top 10 Tips for Cyber Security
- Establish a Security Culture-don’t assume it can’t happen to you
- Protect Mobile Devices; easy to steal or lose
- Maintain Good Computer Habits; uninstall non-essential software like games
- Install & Maintain Anti-Virus Software
- Plan for the unexpected-fire, flood, earthquake
- Control Access to Protected Health Info; passwords, permission, need-to-know
- Use Strong Passwords
- Limit Network Access; use encryption software
- Control Physical Access; flash drives, CD’s, DVD’s
HIPPA and Cyber Security
Many of these point to HIPPA violations which can range up to $50,000 per civil violation within each 6 year statute of limitations. Lack of compliance with HIPPA and state laws can be a deal breaker for mergers and acquisitions. Hospitals must be prepared to provide documentation regarding policies and practices to potential buyers. The cost of a lawsuit from leaked patient information can well spell the end for that healthcare entity. Cyber attack prevention is essential if for no other reason.
Efficient healthcare today takes advantage of available technology for data collection, retrieval, storage and sharing, allowing professionals to care for patients more than they could in a 12 hour shift 20 years ago because of the information sharing. Unfortunately, security and risk management have to play a predominant role in all our activities.
NHS Solutions has a number of highly qualified experts in HIPPA compliance available. Our pool of Interim Risk Management Leaders is deep. Contact our recruiting team and we will tailor a solution to the individual needs of your organization. Our Interim Risk Management Managers, Director and C-suite leaders are able to assess and lead the change needed to minimize risk and aid in the maximization of the overall quality of care provided by hospitals.