The amount of cyber-related attacks continues to significantly increase year after year. This is especially true in the healthcare field. One patient record goes for $50 on the black market. To put into perspective, social security numbers or credit card numbers go for $1 per account. The sheer value of patient records create tremendous incentive for cyber criminals to target the healthcare vertical. Another alarming statistic is that on average, healthcare organizations spend just 6% of their IT budget on cyber security assessments, tools and training.
With the demand for patient records being in high demand on the black market combined with minimal security investment, healthcare organizations are experiencing record amounts of attacks. In 2015, a study by The University of Michigan found that there were more than 1 million FTP servers connected to the internet. In addition, those same FTP servers required no password to access. The study also found that over 600 million records were exposed openly on the internet. According to CSO Online, the monetary damage that will be caused by cyber-attacks overall will reach up to $6 billion annually by 2021!
As alarming as these stats are, it is not too late for the healthcare vertical to fortify against new and improved cyber threats. Here are some areas where comprehensive cyber security assessments shore up these gaping vulnerabilities.
Cyber Security Assessments Provide Critical Insights
It is always a good idea to know your vulnerabilities before they become exposed. Comprehensive cyber security assessments are essential to creating a robust cyber security strategy. Knowing the exact number of devices and software on the network is something that CISOs should always monitor. It only takes one unaccounted for device for hackers and malicious software to infiltrate the network. In addition, knowing the relationship of connected devices, and how they gather and share data must adhere to consideration.
Compliance and Security
Just because a healthcare facility is HIPPA compliant does not mean that they are 100% secure. HIPPA’s risk assessment piece does a good job covering the physical, technical and administrative aspects of securing patient records. However, if the CISO does not understand where the data is, where it is going or the exact devices on the network the assessment will not be accurate. In addition, the CISO must understand how data storage is properly and securely logged, decommissioned and disposed of. Comprehensive cyber security assessments are critical tools for CISOs looking to achieve compliance and a high level of security.
Data Governance and Access
Comprehensive cyber security assessments help CISOs to determine which users have access to certain systems. This can be challenging to manage if the healthcare entity faces significant employee turnover or job role changes. This “access creep” can continue to build if left unchecked. To elaborate, access creep leads to gaping vulnerabilities for unauthorized access from internal and external sources. Another example involves bringing in a new system and granting access without knowing what the workflows will be. In summary, cyber security assessments will identify access creep points, helping CISOs to enact effective policies and procedures.
Share this Post