With technology permeating every aspect of our lives, we now expect information to be available at our fingertips whenever we need it. When it comes to our health, ready access to medical data can provide much needed time and cost reductions as well as life-saving information.
Big data is here to stay, but with the collection of large quantities of electronic patient records comes very significant risks. Hacking, data loss from ransomware, and identity theft are very real, and potentially devastating, threats to our healthcare industry.
A healthy fear
At some time or another, most of us have been treated at a hospital or other healthcare facility. Being injured or sick can leave you feeling vulnerable, but you realize that you are in the hands of capable professionals trained to help you recover.
We often don’t think about is the amount of personal information we are required to provide when we seek medical assistance, in order to be diagnosed and treated appropriately. All our information, and that of millions like us, is being stored on and shared in hospital databases across the country and we trust that our information will remain confidential.
Now, imagine if the very hospital where you were treated fell victim to a network security breach, where all of your personal information was now vulnerable to being stolen and potentially used by a corrupt hacker. Your personal information, including social security number, medical history, insurance, and medications information, could be in the hands of an unknown and unscrupulous criminal. The thought is disconcerting, to say the least.
What are the risks?
According to the 2016 IBM Cyber Security Index, the industry facing the greatest frequency of online attacks was healthcare. This is despite not even rating a top five mention on the Index in the year before. In 2016 alone, healthcare organizations experienced 36% more security threats than any other industry. From 2009 to 2015, patient information was breached almost 2000 times. And this is only the times that the hack affected 500 people or more. There are a number of security breaches that can occur in a healthcare setting, including hacking, ransomware and medical identity theft.
Hacking involves gaining unauthorized access to computer systems in order to steal information, destroy technology infrastructure or disrupt the organization’s day-to-day operations. In a hospital environment patients, staff, equipment, data, and finances, are all vulnerable in cases of an attack. Even the smallest changes to information could result in the failure of hospital equipment, incorrect medicine dispensing, or many other potential crises. A hack could have catastrophic results for patients and the hospital at the hands of someone who finds amusement or financial gain from their disruption.
Ransomware is usually accidently downloaded and is software created with malicious intent to block computer access. The creators of the software refuse to release access to computer systems until a ransom is paid by the individual or organization under attack. Ransomware can prevent medical information being available when needed and cause significant delays in the provision of healthcare services.
Medical identity theft is the illegal acquisition of personal information in order to receive medical services, treatment, or supplies and can include financial theft as well as data theft. While financial institutions usually absolve any debts incurred from credit card theft, the same cannot be said of medical identity theft. An Accenture report found that victims of medical identity theft “incurred $2,500 in out-of-pocket costs per incident, on average”.
Add this theft to the time it takes to restore computer systems after hacking or ransomware attacks, and the fines health organizations might face under HIPAA if privacy laws are breached, and the costs of security breaches can reach tens of millions of dollars.
Healthcare needs cyber heroes
The best defense is a usually good offense. You can be that offense: a cyber security hero, one of the unknown that work every day to protect valuable assets worldwide. The cyber security industry needs you, now more than ever as the demand for cyber security job openings continues to grow.
Globally, there are one million positions available for cyber security professionals. In the U.S. alone there are approximately 200,000 job openings in cyber security. So not only is hospital cyber security a job that provides personal satisfaction in protecting the innocent: there is also plenty of work available in the industry too.
There are a number of ways IT professionals can prevent and limit damage from ransomware attacks. Some of these include:
- Keep software up to date
- Backup data frequently
- Store back-ups at an external location
- Educate users on how to avoid downloading ransomware
- Implement technologies and processes for early detection and response
- Leverage threat intelligence to keep up with current attacks
- Secure data against loss or exposure
Secure your medical identity
It’s not only large-scale security breaches that place hospitals and other health care providers at risk. Studies have found that one in four consumers in the U.S. have had their personal medical information taken from electronic records systems. Many commentators are calling this outbreak of cyber threats to personal information an epidemic and a growing public health crisis. Of the 26% of U.S. consumers who had their medical data stolen via technology, half had their medical identity stolen.
The most common sources of medical identity theft are:
- Hospitals (36%)
- Urgent-care clinics (22%)
- Pharmacies (22%),
- Physicians’ offices (21%)
- Health insurers (21%)
The primary guidelines covering the protection of sensitive patient data is the Health Insurance Portability and Accountability Act (HIPAA). To counter these startling figures, there has been a strong push for the implementation and regulation of healthcare cybersecurity, including a move towards entirely electronic records keeping systems, along with a broadening of HIPAA’s responsibilities.
Last line of defense
There are many IT positions in the healthcare industry that are security related, including Support Technicians, Network Administrators, Website Administrators and Network Engineers. These IT cyber heroes are the front line defenders in the fight to keep data safe and healthcare facilities running smoothly. CCI Training Center’s IT Security Fundamentals course provides the training you need to create a foundation for a cybersecurity career, as well as preparing you for the Microsoft Security Fundamentals Exam (MTA 98-367).
Some data protection roles aren’t so technology focused. Health Information Technicians, Medical Secretaries, Medical Records Specialist and Medical Records Coders all have vital roles to play in protecting patient and organizational information every day through proper record handling procedures and adherence to privacy protection laws. As part of CCI Training’s Health Information Specialist program, students learn all about confidentiality along with medical law and ethics. Upon completion, you can even qualify for the National Healthcareer Association’s HIPAA Privacy and Electronic Health Records certification exams.
It takes a comprehensive team at many levels to fully guard against healthcare data and facilities breaches. Healthcare security jobs are on the rise and the industry needs more heroes . . . just like you.