(http://resources.infosecinstitute.com/)
As cyber security increases, ransomware also increases. In effect, employee portals are at major risk from cyber security attacks. For example, ransomware is a growing threat to health care providers because it impacts patient safety and care. Ransomware usually “infects a PC and restricts access to the infected PC, typically by encrypting most files.” In this case, they will also try to establish networks to encrypt information that’s either being shared or transferred. I believe that once healthcare organizations lose access to their computerized systems, then healthcare providers and hospitals could be forced into using a paper-based documentation method. As a result, this may cause a significant disturbance to their normal operational setting. This shows that ransomware is an easy avenue for criminal hackers to use because of the successful attacks on healthcare organizations. Ransomware has crippled the ability to distribute and exchange information.
In addition, employee portals are at risk from hackers because of the knowledge they hold about healthcare organizations and hospitals. I think that the most qualified physicians and nurses should know how to use electronic medical records and be trained to adjust to the inaccessibility of computerized documents in case of a data breach. We know that this prevention may keep both patient and hospital data accessible as well as secure their privacy. Vendors of employee portals may positively impact patient information because they have a built-in security firewall that encrypts electronic systems with a protective barrier. At the same time, we should incorporate features like password-protected sites and access permissions. Thus, employee portals have become very diligent when it comes to using new IT software updates. I believe this means that hospitals and healthcare organizations will be able to use the improved and secured version, which is important because most security breaches stem from old software versions. I also believe that providers should back up their data daily to ensure protection from hackers. The Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data stated that “data breaches has cost the healthcare sector $6.2 billion. The report said that nearly 8 out of 10 healthcare institutions were hit with two or more data breaches in 2014 and 2015. Moreover, 45 percent of healthcare institutions were affected with more than five breaches during the said period.”
Essentially, the main problem and challenge facing healthcare IT is the complication of cyber security threats because of the insufficient IT infrastructure.
Adopting a system that protects information security in all aspects is encouraged. I think that the implementation of this new system will ensure that all information and data are protected and kept confidential while in storage. This will also help improve the accessibility of the structure on which the information security management system will be built. They should develop and encourage people to strategize different processing methods for technology to smoothly adapt to its new setting, which will be beneficial. I believe that we should only implement a security program that’s simple and easy for users to practice, yet an effective system. Some components of this system could include easy access to the cloud, the implementation of an effective management structure, clear direction and access rights, password maintenance and management, and inspection of appropriate software configuration. I think this will significantly ensure the ability to monitor and detect threats in real time. Within these components of this new system, healthcare organizations should address the reduction of complex security problems by simplifying the usage of the right tools, laws, policies, and the enforcement of healthcare management issues being at risk via hackers and the overwhelming costs of data breaches. In the end, cyber security threats will always be present, but what’s important is to limit the threats to a minimum by advancing the implementation of IT infrastructure.
There are many reasons why the healthcare industry is a top target for cyber attacks.
Some of the top risks, as described in the Infosec Institute article “Top Cyber Security Risks in Healthcare” are as follows:
Healthcare organizations don’t allocate enough budget for IT security. Many industries such as the Federal government, banking, and finance allocate 10-15 percent of their total IT budget to security.
The Federal Bureau of Investigation reports that health records are a hot commodity on the black market and sell for 50 times the price of social security or credit card numbers. This may partially account for the rise in healthcare cyber attacks. Criminals use the data from the EHR to purchase prescriptions or medical equipment and sell it on the black market. They also use the patient data and a falsified medical facility to submit claims to payers. This type of crime can be more difficult to detect and dispute, which makes resolution a trickier and longer process.
Ransomware, as described earlier, is a type of cyber attack that allows criminals to basically hijack your data and demand payment to relinquish access to the healthcare organization. This relatively new type of attack and the assault on the healthcare facility can be disastrous.
Many healthcare organizations have a Bring Your Own Device (BYOD) policy where clinicians are encouraged to bring in their tablets, cell phones, and laptops to transmit healthcare data. This adds vulnerability and risk to the network and many facilities don’t have robust policies to address the issue.
Employee negligence is another avenue that cyber hackers take advantage of. It is important to have a clearly understood policy around opening email attachments and clicking on unfamiliar or untrusted links. Clear policies and procedures plus employee training are key. One practice is to train employees by sending them fake hacker emails and seeing how they respond. This will not only validate employees’ understanding of email cyber threats but also help train those who may be lax in their email practices.
There are many steps healthcare organizations can take to fight against security vulnerability to ensure the safety of their data. Firstly, it is important to have strong security governance in place and a team to identify and mitigate risks. The governance board can put security protocols in place and meet regularly to keep abreast of the volatile and changing climate. Hackers are motivated to get smarter so they can continue to infiltrate our systems, and it is important to stay ahead of them and diminish new forms of attack. According to the American Hospital Association, it is critical to develop and implement a cybersecurity investigation and incident response plan and to keep in mind national standards that are being developed, such as the Cybersecurity Framework being drafted by the National Institute of Standards and Technology. (www.aha.org) The security team should be involved with local, regional, and/or national associations that share data and collaborate on current issues, solutions and potential threat mitigation.
Healthcare organizations need to address the existing BYOD policies if they have them and beef up the security of the devices. The devices need to be inspected for infection, and procedures need to be put in place to include intrusion detection and prevention assistance. Employee training on malware is also key. A well-trained healthcare worker is the first line of defense against potential email attacks that can hijack their data and potentially the entire network. It is also important to review the existing insurance policy to ensure that it includes the coverage needed to recover from a potential attack.