Cybersecurity challenges and top 3 priorities for hospitals.
Furthermore, cybersecurity incidents are a growing threat to hospitals. The healthcare industry, in general, has tended to lag behind other industries in terms of protecting data of its key stakeholders (patients) and reducing the likelihood of cyber incidents.
So how do hospitals, especially smaller hospitals, drive cybersecurity initiatives given the inherent challenges they face? In a word: prioritization.
Here’s our top-three list of cybersecurity priorities for small hospitals and healthcare facilities…
Every year for the last decade, the Verizon Data Breach Investigation Report has shown end users as the single most risky factor to hospitals’ cybersecurity posture is end users. End users click phishing emails and contract malware. End users inadvertently wire money to unauthorized third parties. End users open files they shouldn’t and send data where it shouldn’t go. Hospitals are required under HIPAA to train their users on securely handling protected health information. Security awareness training is both the most impactful and also the least-expensive cybersecurity measure to implement for small hospitals.
What happens when an end user clicks a phishing email and opens a malicious attachment? That attachment, usually a Microsoft Word document or PDF, will run code that attempts to find a weakness on the user’s computer and gain a foothold into the network. By performing a vulnerability assessment, hospitals can find these weaknesses and address them, thus rendering malicious attachments useless.
Less than half of hospitals perform cybersecurity incident response exercises annually. Incident response plans are what help hospitals respond to a cybersecurity incident in a logical, structured fashion. The goal of an incident response plan is to restore data and systems as quickly as possible. Without an incident response plan, and without testing the plan annually, hospitals are at a heightened risk of extended downtime and heavy fines.