Cybersecurity will be a major concern for healthcare organizations as they move into 2020. Not only will Microsoft Windows 7 security patching cease on January 14th, creating major data security risks for healthcare organizations that choose to keep running the outdated operating system, but a slew of 2019 data breaches of healthcare IT systems makes it evident that cyber threats show no signs of slowing down for the healthcare industry.
In September 2019, 1.5 million people had their private data exposed in healthcare breaches, and this counts only the incidents that were actually reported, meaning there were likely many more. This is extremely worrying when you consider that it is more than double the August figure. It shows just how rapidly the problem is scaling up.
We have also seen some massive, high-profile breaches this year. For example, 25 million patients saw their data breached due to an American Medical Collection Agency (AMCA) attack in early May. The parent company of AMCA has since filed for bankruptcy, while the billing services vendor, Quest and LabCorp are facing a number of lawsuits and investigations.
The University of Washington Medicine also experienced a breach in February due to a misconfigured server, while Inmediata Health Group saw the personal data of 1.57 million patients breached in an incident that is still being investigated. These are just a few examples of many, and they show just how critical cybersecurity efforts are for modern healthcare organizations.
Many different types of cyberattacks are being launched, from phishing emails to ransomware. Ransomware campaigns at hospitals across the world have been particularly dangerous and damaging. They have delayed patient care and cost millions in ransoms paid. The National Health Service (NHS) in the UK fell victim to one, which forced it to cancel 19,000 appointments.
Consequences of Non-Compliance
There are many negative consequences that can occur if healthcare organizations do not comply with the cybersecurity regulations that are in place, namely HIPAA, the Health Insurance Portability and Accountability Act, part of which aims to protect the private data of patients.
One of these consequences is a delay in patient care. Cyberattacks like ransomware can tie up entire IT systems until a ransom is paid, leaving healthcare providers and their staff unable to access patient information and health records. Even if the ransom is paid, there is no guarantee that the hackers will release the data, or that they will not steal it and sell it on the black market.
Another consequence is a major blow to a provider’s reputation. Under HIPAA, healthcare providers are required to inform patients about data breaches, so a breach becomes public knowledge, possibly hurting the reputation of the provider. It’s no surprise that many healthcare businesses have found that patients have moved on and found other practices after a data breach. After all, incidents like this can severely damage trust.
And finally, providers can face steep legal penalties and fines, especially if they are found to be willfully out of compliance or negligent in their data security practices.
Deploying Cybersecurity Resources
Many healthcare providers in the U.S. have neither the technical expertise nor the time required to properly manage and protect their patients’ data. That is why many providers outsource this management to a local Managed IT Service provider that specializes in HIPAA compliance. Outsourced IT services offload data security tasks to a team of local IT professionals, providing peace of mind for medical providers who have previously lacked the resources to secure their data properly. Even with these resources available, some healthcare providers choose not to comply. “While adding these IT resources surely comes at a cost, our medical provider clients know the risks of data breach are huge, making the added cost worth it,” says Kallie Johnson of adNET Technology Management, a Managed IT Service Provider in Chicago, Illinois. “Cyber threats will continue to be a risk for healthcare offices, but there are resources available to mitigate those risks substantially,” she continues.