In recent years, cybersecurity has emerged as one of the most pressing focus areas for c-suite executives seeking to strengthen their healthcare enterprise risk management.
Healthcare organizations represent attractive targets for criminal organizations and there is every reason to believe cyber attacks against providers are on the rise. Between 2004 and 2021, the fifty largest data breaches resulted in 17.5 billion losses of individual records. Cybercrime cost U.S. businesses more than $6.9 billion in 2021, and only 43% of businesses feel financially prepared to face a cyber-attack in 2022.
Healthcare organizations represent lucrative targets for criminal cyber-attacks due to the wealth of information to be gained from both internal organizational data as well as external patient health information (PHI). By compromising a healthcare organization’s cyber defenses, criminal organizations can complete lateral movements to gain greater access to sensitive organizational data.
In many situations, attacks against third party providers can result in downstream exploits and data loss events at healthcare providers. This is precisely what happened on February 26th of 2022 when Professional Finance Company, a professional services provider was hit with a ransomware attack which resulted in 600 healthcare organizations being involved in the subsequent data breach. In these cases, it's essential not only for organizations to make the right strategic investment in cybersecurity but also to ensure their partners have robust and responsive plans in place as well.
Enhancing cybersecurity depends on elevating policies, processes, and personnel responsible for ensuring data security best practices are driving behavior across your healthcare organization. It’s not easy to protect every end-point and secure every digital connection; however, by focusing attention on supporting cybersecurity, your organization will be better equipped to protect the mission-critical data guiding your success.
Hacking exploits and data breaches targeting healthcare organizations are on the rise and it's time for your organization to develop a stronger cybersecurity posture to prevent critical data losses. Failure to secure data could result in costly damages to your organization’s reputation and future earning potential. Cybersecurity should not be an afterthought but instead a rallying point driving action at your healthcare organization.
Data Breaches Targeting Healthcare Organizations Are On the Rise
In 2021, 550 healthcare organizations reported data breaches impacting more than 40 million patient records. Organizations of every shape and size were targeted with criminal organizations working aggressively to compromise sensitive organizational data.
A data breach is defined as an event that results in the leakage of protected organizational data. A breach may occur due to improper security configurations of a database or application, intentional malicious hacking, or failure to integrate the secured functions of an application with unsecured modules of a service. The terms data spill, data leakage, information leakage, and data breach describe emergency security incidents which may result in critical losses of sensitive organizational data.
Between 2009 and 2021, 4,419 healthcare data breaches of 500 or more records have been reported to the HHS’ Office for Civil Rights. Those breaches have resulted in the loss, theft, exposure, or impermissible disclosure of 314,063,186 healthcare records. That equates to a loss of records that would equal to 94.63% of the 2021 population of the United States.
According to 2021 research conducted by the Ponemon Institute and IBM, organizations with up to 500 employees had an average cost of $2.98 million following a data breach. The highest total cost associated with dealing with data breaches was found at organizations with 10,000-25,000 employees with an average cost of $5.52 million per breach.
Register for Avoid the Telehealth Cliff: Managing Risk in Virtual Care
Pre-pandemic, state, and federal regulations greatly limited providers’ ability to deliver care remotely. Thanks to the public health emergency, however, providers have spent the last two years adapting to—and benefit from—expanded telehealth flexibility. Patients love it. In fact, they’ve come to expect it.
While there’s no putting the genie of patient experience back in the bottle, some states have begun a return to more stringent regulations while others are adapting their policies to fit the “new normal.”
At the federal level, however, questions abound:
- Will Medicare beneficiaries lose access to care once the current waivers expire?
- How likely is the Biden administration to extend them?
- Which changes might Congress make permanent?
Uncertainties like these make it difficult to develop a long-term telehealth strategy, especially for large, multi-state hospitals and healthcare organizations. Get the answers your organization needs and avoid the telehealth cliff.