Cybersecurity, hacking, breaches – whatever you want to call it, we’ve talked about it before. We’ll talk about it again. Why? Because it keeps being a problem.
About a third of healthcare workers admitted to being aware of a breach in their facilities. And that’s just those who admitted it. Or were aware of it. The scariest part of the problem is how few people recognize that there is a problem.
So let’s dive into what causes a breach, what the consequences are (for the criminals and their victims), and find out what you can do about it.
First off: why would anybody want to penetrate healthcare providers’ systems? (Yes, we’re aware that penetrate isn’t an ideal verb, but it’s the industry term, so we used it, and we regret it, so let’s move on.)
The answer’s twofold. One: healthcare is full of valuable data. You’re storing every bit of your patients’ information, and the more data a hacker has, the more they can sell.
And Two: it’s working. Cyberattacks against healthcare organizations are on the rise. Think of three hospitals. One of them has been affected by a breach. This problem is everywhere.
So, if the motivation for the criminals is clear, why are they successful? The fact that most people are more worried about the healthcare they provide than the devices they’re using to provide it. Unless you’ve specifically been targeted or made aware of a breach, you probably don’t think about it as a possibility.
You’re not alone. The biggest technology conference completely failed to address security this year.
And it’s not just you and the computer (or tablet or phone) in front of you right now. The blame might be on the medical devices that are coming in and out of your facilities. They’re all potential entry points for bad actors, and there are a lot of them.
What’s even more frustrating is that, even if you have everything perfectly sealed up – creating an impenetrable barrier between your patients and the people wanting to steal their data – your suppliers might not. It’s not enough that you have to worry about all your systems and personnel. Now you have to worry about everybody you deal with. (A note to Z5 partner hospitals: we’ve got your back, but we can’t guarantee any of those other guys.)
It’s a lot of stress. But your mental wellbeing isn’t the only casualty of a breach…
Maybe you’ve come to terms with the fact that your data is just out there, and there’s nothing you can do about it, but if that happens to your patients, it’s your responsibility to make that right.
And not just morally.
Anthem just paid $16 Million in fines for allowing their customers’ data to be breached. That’s not how much they paid in a lawsuit from the people affected; that was just to the government as penance for their negligence.
The good news is that the authorities are getting better and better at catching the folks responsible for these attacks. Recently a man was sentenced for stealing data from a Boston children’s hospital, but not before he cost the hospital tens of thousands of dollars.
But this isn’t just a problem of money. People’s lives are affected by their data getting into the wrong hands. As this article points out, you can’t exchange your healthcare history for a new one as easily as you can a stolen credit card.
So what can you do about it?
You can start with a plan to prevent cyberattacks. You should, obviously. Here’s a guide to creating one.
But the sad truth is: you plan, and hackers laugh. They’re going to get in. So you need to be prepared for that, too.
One step you can take in preparation is to get cyber insurance. Cover your digital assets just like you would any other kind of assets against any other kind of theft. Because as we’ve seen, these can be very expensive ones and zeroes.
The other, even more important, preparation you can take is to have a plan for reporting the attack once you’ve found out that one took place. Because those authorities who catch the bad guys can’t catch anybody if they don’t know a crime has been committed.
Or you can keep telling yourself you don’t have a problem. Hackers will love you if you do.
This is Part Two in Z5 Inventory’s five-part “Crime In Healthcare” series. To see all the published entries, click here. If you know of a story of healthcare crime that you think we should feature, email firstname.lastname@example.org.
Headline photo by Depositphotos and Z5.