Healthcare
Navigating Cyber Risks
Cyber Stats
- More than 40 million healthcare records have been exposed over the past 12 months
- 83% of breaches caused by ransomware attacks
- Ransomware attacks on U.S. Healthcare organizations cost $20.8 billion in 2020
- 89% of healthcare organizations have suffered cyberattacks over the past year
- 100 U.S. Healthcare organizations impacted by Blackbaud ransomware attack
- Healthcare institutions spend on avg. $429 per stolen record
- Data breaches cost healthcare providers on avg. $9.23 million
- Most companies’ HR departments need to adhere to the HIPAA Privacy Rule because they handle the ePHI of their employees
Compliance & Regulations
Healthcare providers, supply chain, and service providers should become familiar with the key elements of the Security Rule to determine who is covered, what information needs to be protected, and what safeguards must be in place to ensure appropriate protection of electronic protected health information (e-PHI).
A patients’ health records are protected by HIPAA guidelines to ensure that patient information is kept confidential and stored securely.
Risk & Business Impact
But what is the true cost of ransomware attacks on US healthcare organizations? There is a cost that affects most attacked healthcare organizations- downtime. As we have already seen, servers may be taken offline for hours, weeks, and even months. And in some cases, data and/or computers are unrecoverable.
The avg. amount of time lost to downtime is reported to be 21 days.
Predictions & Beyond
- E-mail phishing attacks
- Ransomware attacks
- There has been a growing trend of double-extortion attempts. Hackers not only lock computers with a message demanding a ransom, but also contact victims with proof of the data collected.
- Loss or theft of equipment or data
- Insider, accidental or intentional data loss
- Attacks against connected medical devices that may affect patient safety
Solutions
A covered entity must establish a balance between the identifiable risks and vulnerabilities to EPHI, the cost of various protective measures, and the size, complexity, and capabilities of the entity.
Although the HIPAA Security Rule does not require specific technology solutions, the security tools offered below illustrate the technology solutions a covered entity should consider deploying.
Owning the patents relating to our cybersecurity technologies, allows us to better protect your patients, your doctors and administration staff.
Click on the links below to learn how each of these technologies can help mitigate cyber exposures for your healthcare organization.