Cybersecurity for Healthcare
While your healthcare organization is focused on providing critical care, improving the patient experience and exploring groundbreaking treatments and technologies, cyber criminals and threat actors are aggressively probing for your vulnerabilities and looking for ways to attack. Because it handles highly sensitive data and private personal information, the healthcare industry is one of the most targeted, accounting for 15% of attacks, which makes cybersecurity and HIPAA compliance an ongoing concern.
Here are some alarming stats:
By the end of 2020, security breaches are expected to cost healthcare companies $6 trillion. (PhoenixNAP)
Lost or stolen protected health information (PHI) is estimated to cost the US healthcare industry up to $7 billion annually. (JAMIA)
Penalties for HIPAA non-compliance range from $100 to $50,000 per record. (HIPAA Journal)
Healthcare has the highest cost per breached data record of any industry, at $408 per record, 3x the cross-industry average. (HIPAA Journal)
1,531,855 healthcare records were breached during 39 incidents in February 2020 alone. (HIPAA Journal)
Solutions to Address Common Challenges and Concerns
Endpoint Security with a strong threat hunting tool and real-time configuration change monitoring keeps you informed of any attempt to plant a backdoor or gain remote access to your systems
Anti-Malware/Anti-Virus/EDR should be packaged into all POS systems; if using a mobile-based POS app, ensure network connectivity and all communication channels are encrypted
Adversarial Testing (i.e. penetration testing, web application testing, etc.) and other system assessments help uncover vulnerabilities or weaknesses within systems. This is especially important because you are most likely using open-source and third-party APIs and software for an e-commerce site or mobile payment applications
Comprehensive Vulnerability Assessment program evaluates whether an IT system is exposed to any known vulnerabilities, assigns severity levels to identified vulnerabilities, and recommends remediation or mitigation steps, where required
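The three steps a vulnerability assessment program performs above (evaluate exposure, assign severity, recommend remediation) can be expressed as a small triage routine. The following is an added example written for this page, not a vendor's or the page author's code. It assumes scanner output arrives as a list of findings with a CVSS base score plus two asset attributes that matter in healthcare, whether the host handles protected health information (PHI) and whether it is internet-facing; the escalation rule and the remediation deadlines are an assumed local policy, and the host names and VULN-000x identifiers are constructed placeholders, not real advisories.

```python
from dataclasses import dataclass

# CVSS v3.x qualitative severity bands, lowest to highest
SEVERITY_ORDER = ["None", "Low", "Medium", "High", "Critical"]

# Remediation deadlines in days; illustrative policy values, not a standard
REMEDIATION_SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 180}


@dataclass(frozen=True)
class Finding:
    """One scanner result for one asset (field layout is an assumption)."""
    host: str
    vuln_id: str          # placeholder identifier, not a real advisory
    cvss: float           # CVSS base score, 0.0 to 10.0
    handles_phi: bool     # asset stores or processes protected health information
    internet_facing: bool


def base_severity(cvss: float) -> str:
    """Map a CVSS base score onto the published qualitative rating bands."""
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    if cvss > 0.0:
        return "Low"
    return "None"


def adjusted_severity(f: Finding) -> str:
    """Raise severity one band for PHI exposure and one for internet exposure.

    Assumed local policy: a finding that scores 0.0 is never escalated, and the
    rating is capped at Critical.
    """
    base = base_severity(f.cvss)
    if base == "None":
        return base
    idx = SEVERITY_ORDER.index(base) + int(f.handles_phi) + int(f.internet_facing)
    return SEVERITY_ORDER[min(idx, len(SEVERITY_ORDER) - 1)]


def recommend(f: Finding) -> dict:
    """Produce the remediation or mitigation recommendation for one finding."""
    sev = adjusted_severity(f)
    action = "no action required"
    if sev != "None":
        action = f"patch or mitigate within {REMEDIATION_SLA_DAYS[sev]} days"
        # Compensating control while the fix is pending on exposed, serious findings
        if f.internet_facing and sev in ("High", "Critical"):
            action += "; restrict exposure at the firewall until fixed"
    return {"host": f.host, "vuln_id": f.vuln_id, "severity": sev, "action": action}


def prioritize(findings):
    """Order findings by adjusted severity, then CVSS score, highest first."""
    rows = [{**recommend(f), "cvss": f.cvss} for f in findings]
    rows.sort(key=lambda r: (SEVERITY_ORDER.index(r["severity"]), r["cvss"]), reverse=True)
    return rows


# Constructed sample scan output; hosts and identifiers are made up for the example
SAMPLE_FINDINGS = [
    Finding("ehr-db-01", "VULN-0001", 7.5, handles_phi=True, internet_facing=False),
    Finding("patient-portal", "VULN-0002", 5.3, handles_phi=True, internet_facing=True),
    Finding("kiosk-03", "VULN-0003", 4.0, handles_phi=False, internet_facing=True),
    Finding("print-server", "VULN-0004", 3.1, handles_phi=False, internet_facing=False),
    Finding("lab-vm", "VULN-0005", 0.0, handles_phi=False, internet_facing=False),
]


if __name__ == "__main__":
    for row in prioritize(SAMPLE_FINDINGS):
        print(f"{row['severity']:<8} {row['host']:<16} {row['vuln_id']}  {row['action']}")
```

The point of the asset attributes is that a Medium-scored issue on the patient portal (PHI plus internet exposure) outranks a High-scored issue on an internal print server; severity from the scanner alone does not capture where PHI actually sits.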
Encryption Key Management protects customer and financial data in the cloud, maintaining compliance with Payment Card Industry Data Security Standards (PCI DSS)
Firewalls/IPS/IDS around customer data ensure proper handling of payment card information in accordance with PCI DSS, together with applying the latest software patches and upgrades in a timely manner
Two-Factor Authentication provides an additional layer of validation, reducing your attack surface and a threat actor's ability to gain unauthorized access to sensitive and POS data