The healthcare industry is facing a relentless storm: cyber attacks. Recent attacks include:
These cyber attacks serve as stark reminders of the vulnerability of patient data. Worse, they are just a few examples of the dozens of cyber attacks that have plagued the healthcare industry in recent years. So, as we consider the state of cybersecurity in healthcare, let’s look at the reasons why attacks are increasing and what mid-market healthcare organizations can do to protect themselves.
Why is healthcare being targeted so frequently?
First, healthcare data is a goldmine for cybercriminals. Electronic health records (EHRs) contain a wealth of sensitive information, from Social Security numbers to medical diagnoses. These records fetch a high price on the dark web, making healthcare a prime target.
Second, many practices have aging IT infrastructure. Outdated systems with known vulnerabilities are easier for attackers to exploit.
But it’s not just healthcare. Thanks in part to ransomware toolkits and other off-the-shelf tools, it’s never been easier for cybercriminals to attack. Because of tools like these, cyber attacks are increasing across industries.
Many small to mid-market businesses assume they’re less vulnerable simply because they’re a smaller target, but that’s not always true. Cybercrime is often an act of opportunity. Smaller targets may have weaker or aging infrastructure and poor cybersecurity protocols, and they often invest less in protecting data, all of which makes them easier to exploit. Furthermore, mid-sized practices might not have the dedicated IT staff or security expertise to monitor and maintain their systems. This creates blind spots that attackers can leverage.
So why care about cybersecurity? Data breaches can lead to violations of the Health Insurance Portability and Accountability Act (HIPAA). According to HIPAA Journal, HIPAA fines can be as high as $50,000 per violation, and one exposed record could be considered a violation.
But investing in cybersecurity isn't just about avoiding hefty HIPAA fines. A data breach can damage your practice's reputation, erode patient trust, and disrupt critical services. By prioritizing cybersecurity, you promote a positive patient experience by safeguarding their sensitive data.
Cyber attacks are increasing and the situation seems dire. What can you do? In general, practices should continue to prioritize and invest in cybersecurity, and it’s not just about technology.
Here are some affordable and practical ways mid-market healthcare organizations can get a head start in cybersecurity:
1. Employee Education: Train staff on best practices for data security, like identifying phishing emails and following strong password protocols.
2. Regular Backups: Implement a consistent data backup schedule and store backups securely, preferably offline or in the cloud.
3. Patching and Updates: Prioritize regular updates and patching of software on all devices to address known vulnerabilities.
4. Multi-factor Authentication: Implement multi-factor authentication (MFA) for access to sensitive systems, adding an extra layer of security.
5. Security Software: Consider affordable endpoint security software to help detect and prevent malware and other threats.
6. Consider Managed Services: There are dozens of IT groups that specialize in data protection for healthcare. If you don’t already use a service provider, find one that’s savvy in healthcare data protection as well as HIPAA compliance.
By taking these proactive steps, mid-market healthcare organizations can significantly strengthen their cybersecurity posture and protect their patients' sensitive data. Remember, cybersecurity isn't a luxury, it's a necessity.