The value of patient medical information makes healthcare entities prime targets for cybercriminals. According to IBM’s 2022 Cost of a Data Breach Report, the average cost of a healthcare data breach is $10.1 million, the highest across all industries. With many healthcare providers expanding beyond the four walls into remote and virtual care, now is the time evolve your organization’s cybersecurity posture. Hear from our cybersecurity and healthcare experts on what practices will help you better protect your patients’ data and healthcare practice.
Host: James Hilliard
Guests:
- Dr. Keith Nelson, Director of Healthcare Strategy at Connection
- Steve Nardone, Senior Director of Security and Network Solutions at Connection
- Tim Allen, Director of Operations and Technology at Connection
Show Notes:
[1:00] Malicious actors are continuing to grow in skill and sophistication, but the good news is that we are also getting smarter when it comes to understanding phishing and social engineering.
[2:37] Technology is getting better when it comes to data protection, but the integration of technologies can be challenging. Improvements are needed to ensure security gaps are minimized between various technologies.
[5:10] Providers have been financially strained due to the pandemic. As such, cybersecurity has not been on the investment priority list. Ransomware or other data breach attacks can lead to harmful impacts – from financial, reputational, and operational as well as from the compliance perspective (HIPAA). The new world of virtual care and monitoring is adding another layer of complexity. Cloud security is also in the forefront as more institutions are moving to cloud environments.
[8:12] Prioritizing strategies to mitigate these cybersecurity threats can be challenging. In healthcare, people’s lives are at risk. Adopting a Zero-Trust framework is key. Nothing should be trusted. Focus on ways to protect data while minimizing the attack surfaces.
[12:52] Affecting behavioral change is always a challenge. Training or awareness programs and cybersecurity practices should not be a hindrance. Strategies need to be efficient and non-invasive so practitioners can focus on patient care.
[15:52] Design strategies around business operations rather than practices. Systems need to be more comprehensive to effectively offer protection. Often, this entails managed services and monitoring rather than relying on staff.
[19:40] There are some basic strategies that can go a long way to data protection such as instilling the need for complex passwords, having multi-factor authentication, and encouraging employees to verify emails and attachments.
[21:41] Updating software is one of the biggest gaps from the IT perspective. Systems get outdated and need to be patched regularly and systematically. Real-time monitoring and early detection of anomalies is a must.
[26:00] What can healthcare teams do to enhance cybersecurity immediately?
- Continual employee awareness and training
- Test your environment, internally and externally
- Implement regular patching updates and isolate systems that are not easy to patch
- Have an incident response plan in place to minimize the impact
Visit our Cybersecurity Awareness Month webpage for more resources. You can also hear us on Apple Podcasts, Amazon Music, Spotify, or Podbean.