Editor’s Note: 2017 was a significant year for ransomware attacks. In the coming year, cyberattacker activity will branch out into new territories. Payers and Healthcare networks must stay ahead of trends to protect against cybersecurity threats. Click HERE for how BHM develops high level protection for your data, addresses the c-suite cyber-security concerns, and proves it with HITRUST CSF. |
Verizon has re-examined the data within their Data Breach Investigations Report (DBIR) series to focus in on the healthcare sector’s unique profile and security challenges, and particularly the use/abuse of protected health information (PHI). Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR) is underpinned by 1,368 incidents from this caseload covering 27 countries.
The major findings are as follows:
- 58 percent of incidents involved insiders. Healthcare is the only industry in which internal actors are the biggest threat to an organization.
- 70 percent of incidents involving malicious code within the healthcare sector were ransomware infections.
- 27 percent of incidents were related to PHI printed on paper. Medical device hacking may be in the news, but it seems the real criminal activity is found by following the paper trail.
- 21 percent of incidents involved lost and stolen laptops containing unencrypted PHI. More employee education is required to ensure that basic security measures are put in place.
First step – get the basics right
There are several short-term improvements that can directly address some of the common security challenges flagged by these findings:
- Full Disk Encryption (FDE): This provides an effective and relatively low-cost method of keeping sensitive data out of the hands of criminals.
- Routine monitoring of record access
- Build resiliency to combat ransomware attacks
More important, though, is the need to secure the use of PHI within the healthcare sector for future stability and success in the digital world. This means that longer-term strategic actions are also required.
Finally, having an overall incident response plan ready to go should a cyberattack occur will also enable quicker reactions, and can often make a difference to the level of impact an incident has on an organization. Testing those plans using table top exercises to discover gaps is critical before an incident occurs, as well as holding post mortem reviews after the fact to capture lessons learned.
Download all three cybersecurity reports:
- Protected Health Data Breach Report or the
- AMA’s Tackling Cyber Threats in Healthcare or the
- McAfee Labs Threats Report
2017 was a significant year for ransomware attacks. In the coming year, cyberattacker activity will branch out into new territories. Payers and Healthcare networks must stay ahead of trends to protect against cybersecurity threats. Click HERE for how BHM develops high level protection for your data, addresses the c-suite cyber-security concerns, and proves it with HITRUST CSF.