The Workgroup for Electronic Data Interchange (WEDI) has published a white paper offering cybersecurity tips for healthcare providers to help them ensure the sensitive protected health information of patients remains confidential and resilience against healthcare cyberattacks is improved.
The white paper – The Rampant Growth of Cybercrime – explains the scale of the current problem. The healthcare industry has been extensively targeted by cybercriminals over the past few years and the attacks are showing no sign of abating. The sheer number of data security incidents reported to the Department of Health and Human Services’ Office for Civil Rights shows just how frequently cyberattacks result in access to ePHI being gained.
In 2016, more than 315 major data security breaches were reported by HIPAA-covered entities. The previous year saw slightly fewer breaches reported, although more than 113 million records were exposed or stolen. 2014 also saw huge numbers of incidents reported.
Healthcare organizations are being attacked because they hold vast quantities of highly valuable data. Data that can be used for identity theft, medical fraud, insurance fraud and other malicious purposes. Healthcare networks also tend to be highly complex and many healthcare organizations are still using legacy systems and even software that is now unsupported. Consequently, vulnerabilities often exist which can all too easily be exploited by malicious actors.
In the white paper, WEDI discusses the most pressing issues faced by the healthcare industry, where cyberattacks are coming from, the methods used by cybercriminals to gain access to healthcare data and the most serious threats. WEDI explains the types of security vulnerabilities that are most commonly exploited to gain access to healthcare data and the risk of phishing, spear phishing and whaling attacks.
Cybersecurity Tips for Healthcare Providers
Healthcare organizations are not ignoring cybersecurity, in fact, most healthcare organizations are increasing spending on cybersecurity protections. However, it is how that money is spent that is a problem. WEDI points out that all too often, healthcare organizations concentrate on cybersecurity solutions such as firewalls, antivirus, and anti-malware software, yet fail to invest sufficient funds into more effective “prevention, encryption, detection, authentication and protection strategies.”
To help in the fight against cybercrime, WEDI has offered cybersecurity tips for healthcare providers to ensure appropriate defenses are put in place to keep healthcare data and healthcare networks secure. Rather than provide a list of suitable technologies to adopt, WEDI’s cybersecurity tips for healthcare providers are concerned with getting the C-Suite involved in cybersecurity, using cybersecurity frameworks, ensuring proper planning takes place and appropriate resources are diverted to cybersecurity and that the lessons learned by other industries are applied to keep healthcare computers, servers, cloud computing platforms, and internal computer networks secure.
The WEDI white paper is available for download on this link.