Dec 30, 2020
Today’s healthcare landscape looks substantially different than the one from a decade ago, and among the many driving forces behind this new look, integration stands out as one of the most influential. The integration trend didn’t happen overnight. For years now, hospitals and other healthcare organizations have been merging, driven by attempts to expand market share and streamline operations. The effects of such trends are wide-reaching, impacting nearly every aspect of healthcare — from technologies to payer-provider lines, from treatment to administration. As healthcare organizations lean further into integration, a key challenge will be how to navigate ever-present cybersecurity risks.
Cybercrime is a costly threat to businesses and organizations around the world. In the US healthcare industry alone, data breaches cost $4 billion in 2019. An overwhelming majority of IT professionals believe that cybercriminals are outpacing their medical enterprises, leaving them dangerously exposed to threats, such as the WannaCry ransomware attack of 2017, which infamously brought the United Kingdom’s NHS to a standstill for days. Years later, that same ransomware attack was still affecting healthcare organizations at an alarming rate, with 40% of organizations impacted by the attack in the first half of 2019. Experts weren’t surprised either, recognizing the operational complexities of healthcare that leave organizations exposed.
The unfortunate fact of the matter is that healthcare organizations and their patients are constantly at risk of being impacted by cyberattacks. For now, there’s no one-size-fits-all solution. Still, as organizations move forward with integration, there are a number of opportunities to mitigate risk.
Establishing a Culture of Security
Breaches can happen at all levels of an organization, and as integrated care systems expand, it’s important to ensure that there’s a top-to-bottom culture of security. New employees should have dedicated security education as part of their onboarding process, but cybersecurity training should not be limited to new employees. Ongoing training and education for all employees can help establish that culture and mitigate risk.
Restricting Administrative Privileges
In an industry that is innately full of restriction, it can often be tempting to speed things up by granting employees widespread access. While that access might allow for more operational efficiency, it leaves organizations dangerously vulnerable to breaches. Healthcare organizations should ensure that administrative privileges are granted in a controlled manner, and inventory and monitoring of these accounts should be standard practice.
Developing an Incident Response Plan
Too often, healthcare organizations are reactive in their responses to cyberattacks. The best time to prepare for an incident is before it occurs. Preparing in advance allows for improved navigation during a difficult time and has substantial potential to save time and money. These plans should establish key stakeholders and leaders, and the responsibilities of each position should be made clear. An incident response plan should also consider post-incident steps, such as resetting passwords and replacing hardware.
Engaging with a Healthcare IT Consultant
Healthcare is a nuanced field with much at stake. Security is difficult enough in any business, but when you add in the intricacies of healthcare, it’s elevated to a new level. When moving forward with new security initiatives, engaging with an experienced healthcare IT consultant will ensure a smoother process. That foundational healthcare experience not only allows for a more efficient project, but it can also be the deciding factor between success and failure.