Healthcare

Healthcare encompasses hospitals, clinics, doctor’s offices, chiropractors, pharmaceuticals, etc. This includes any provider of mental or physical health services as well as any business associate conducting business with the covered entity.

Healthcare covered entities and business associates must comply with HIPAA/HITECH as well as with PCI Data Security Standards. Each year, healthcare entities collect, store, and share more patient data. More data means more hacking, and hacking methods are ever evolving. Data breaches are very expensive: patients must be alerted, the breach must be reported to the government, and fines may be levied. Compensation may have to be paid to those whose data was breached, on top of the costs of the investigation and the consequent solution(s).

Unlike a stolen credit card number, which can be used only for a limited time before it is discovered, the personal data that hospitals collect can’t be changed: Social Security numbers, current and past addresses, birthdates, next of kin, mother’s maiden name, etc. Because this information is permanent, criminals can hold on to it for a number of years before even selling or exploiting it. Many times the information is used to steal someone’s identity for financial gain. This type of information fetches a higher price on the black market than stolen credit card data, making it more attractive to hackers.

The 2018 Healthcare Information and Management Systems Society (HIMSS) Cybersecurity Survey found that 76% of healthcare organizations had experienced a “significant security incident” in the 12 months prior to the survey. It found that 38% resulted from online scams such as phishing or spear phishing. Careless actions by employees who had data access triggered data breaches in 21% of the incidents. Hospitals face fines for breaches caused by healthcare insiders looking up information about family members, friends, neighbors and acquaintances without authorization. Hackers, nation-state actors, hacktivists, social engineers and malicious insiders accounted for around 25% of breaches.

Email phishing schemes accounted for 62% of compromises, followed by attacks from third-party websites, hardware or software preloaded with malware, infected mobile or medical devices, and compromised cloud providers. Almost half of the attacks were caught within a day, while around 21% were caught within a week. Around 9% were caught between a week and 3 months. A handful took as long as a year to detect. Only around 41% of attacks were caught by the organization’s internal security team, while most were caught by other team members or third-party vendors, and around 3% were discovered by patients.

Cyberattacks in the healthcare setting have very serious implications, such as impacting care delivery to patients, preventing access to patient data and records, and affecting the functionality of networked medical devices. Attacks can also disable third-party services, impede the supply chain of drugs and supplies, and affect building and infrastructure systems. Ransomware and other cybersecurity threats rank high, if not number one, on the list of technology hazards for hospitals.