Over the past decade, the healthcare industry has come to rely on computer-based systems to deliver care. The industry is a leader in terms of integrating systems, utilizing digital records and analytical tools to better address the needs of patients. With such a reliance on computerized systems, however, the healthcare industry faces significant risks, especially when the privacy and security of sensitive patient information is concerned. In fact, healthcare systems have become the number-one target for cyber-attacks, potentially exposing millions of personal records to criminals around the world. Cyber liability insurance is one way that healthcare operations can protect against computer-based threats. As part of an overall risk management strategy, it is critical to understand the emerging cyber threats that healthcare operations will face in 2019.
Sensitive Patient Records: A Target for Cyber Criminals
Every business faces cyber risks in its daily operations. Highly-publicized data breaches have resulted in millions, if not billions, of stolen identities, and have cost companies untold billions of dollars in claims. The healthcare industry, unfortunately, is a prime target of cyber criminals. A single electronic medical record can be worth nearly $100 on the black market; multiply that figure by thousands or even millions of potential records to be stolen and it is easy to see why healthcare is in the crosshairs of criminals.
To further complicate matters, cybersecurity in the healthcare sector has fallen behind many other industries. A leading cybersecurity research organization ranked healthcare near the bottom of all industries reviewed in 2018, and the ranking has grown worse with each passing year. One-third of U.S. healthcare workers polled in another study indicated that their organizations were the victims of cyberattacks multiple times in the past year. It is clear that the threat is growing, and healthcare organizations must make substantial changes to protect the safety and security of sensitive patient records.
Emerging Cyber Threats And Countermeasures
While there are many ways by which cyber criminals gain access to personal data, three threats stand out. The first is the fact that the stark division between personal life and work life has begun to dissolve; the average worker of today is likely to share his or her work email address for personal business, may access social networks and personal websites on work computers, and may even fail to understand workplace computing security standards and settings, which tend to be far more rigorous than those settings used for personal computing.
So-called “phishing” attacks, or those that originate with a legitimate-looking email that asks the recipient to click a link and share personal login credentials, are on the rise. The mobile computing environment is particularly at risk; mobile-based phishing attacks have increased by 85%, according to one cybersecurity study. Long a staple of cyber criminals, phishing attacks have become extremely sophisticated within the last year. Data collected as part of every online search and every social media interaction may be leveraged by cyber criminals, allowing them to create phishing attempts that can fool even the most jaded of computer security experts.
Finally, social engineering hacks, or criminals gaining access to secure computer systems by posing as IT workers or administrators, has gained prominence. This is a time-honored tool of cybercriminals, but today’s social engineering attacks are incredibly lucrative, especially when millions of personal records can be stolen with a few clicks of a mouse.
What are cybersecurity professionals doing about these emerging threats? For many, education is the key to protecting sensitive data from loss. Training employees regularly on the types of cyberattacks they may face is critical in preventing phishing and social engineering attempts to pay off for criminals. IT professionals are making great strides in updating software and hardware to the latest security standards, closing loopholes that criminals may use to gain illicit access to servers.
Because healthcare patient records often need to be shared between providers and facilities, their secure transmission is of the utmost importance. End-to-end encryption standards are being used to protect these sensitive records as they move between facilities; failure to do so can result in records being stolen and thousands or even millions of dollars in liability claims. Healthcare organizations can protect their assets against losses with cyber liability insurance, but it takes a comprehensive security approach to address the potential of computer-based crimes. With these tools and strategies, organizations can do a better job of protecting patient records from theft.
About Caitlin Morgan
Caitlin Morgan specializes in insuring assisted living facilities and nursing homes and can assist you in providing insurance and risk management services for this niche market. Give us a call to learn more about our programs at 317.575.4440.