Healthcare Cyber-Security: An Urgent Priority and a Shared Responsibility

Posted by Patrick Bores on June 20th, 2024
Patrick is the Chief Information Officer and product and technology development leader with over two decades of experience in the healthcare industry. As a healthcare automation expert, he spearheads innovative AI/ML solutions to improve accuracy, efficiency, and cost-effectiveness. He graduated from the University of Minnesota in Computer Science and is a Certified Information Systems Security Professional.

From casual technology users to CIOs, most people know that data security is a big issue. For many years, we have all been warned – whether through company memos or external news media – to create stronger passwords, stay on guard against phishing and malware, and (for those in the IT field) to fortify our networks with stronger security protocols.

Yet, the cyber-attacks keep coming, and they’re often successful. Another high-profile incident in the healthcare industry occurred in February 2024, when one of the country’s largest clearinghouses for medical claims and payments was breached. While the system was offline, severe disruptions rippled through the American healthcare system: claims stagnated, providers faced cash shortages, and millions of consumers may have had their personal information leaked onto the dark web.

This major incident was just one example of the daily attacks that plague the public and private sectors, and the healthcare industry in particular. In 2023, 725 healthcare data breaches were reported to the U.S. Department of Health and Human Services, which tracks cases where 500 or more records were exposed. The constant threat of data breaches and the industry’s (often failed) attempts to deal with them contribute to higher costs and inefficiencies in the U.S. healthcare system.

Healthcare faces a massive challenge

When it comes to data security, the healthcare sector faces an even more difficult challenge than the rest of the world. That’s because, in the eyes of cyber-criminals, healthcare organizations are a treasure trove of secrets including patients’ names and addresses, medical records, financial data, Social Security numbers and more. At the same time, hackers know the critical nature of many healthcare services (i.e., the need to remain up and running 24/7) makes them more likely to acquiesce to demands such as paying a ransom.

Criminals rely on a range of tried-and-true methods to infiltrate company networks. They can include, among others, brute-force password hacking, posing as a coworker through a spoofed email account, or phishing emails that dupe unsuspecting victims into sharing login info or installing malware. Unfortunately, as more corporate employees have learned to recognize these tactics, hackers’ methods are growing ever more sophisticated. Unlike the familiar (and obvious) scam emails riddled with poor spelling and grammar, today’s scams – some of which employ AI or voice duplication technology – can be quite convincing even to trained eyes and ears. In particular, Large Language Models (LLMs) are able to create “deep fakes” of voices and even live interactive video that are practically indistinguishable from a genuine experience.

When the hackers succeed, the costs can be devastating. The breached organization may lose revenue during the business disruption; they may need to hire additional security experts to deal with the issue; and they may suffer longer-term reputational damage when customers learn of the breach. According to the IBM 2023 Cost of a Data Breach Report, the average global cost of a data breach was $4.45M, and the average in the United States was even higher at $9.48M.

As a whole, the healthcare industry has worked hard to counteract these threats, ensuring compliance with HIPAA guidelines and more specific security frameworks such as SOC 2.

Nevertheless, many of today’s security tools are flawed, best practices remain open to interpretation, and rarely are robust defenses implemented consistently across every access point. Given the constant barrage of attacks that continue to compromise consumers’ private information every day, there’s clearly much more work to do.

Near-term: What companies can and should do now

While nearly every company employs some form of data security, the strength of their defenses can vary widely depending on budgets and in-house expertise. Regardless, there are certain security measures that no healthcare company can afford to forgo. For example:

Longer-term: Advancements we should all pursue

Just as companies continue to fortify their networks, cyber-criminals are forever inventing new ways to break into corporate networks. After all, hackers are security specialists themselves; they simply work for the “bad guys.” To have a real chance of preventing breaches, healthcare organizations must make security a top priority, going beyond mere lip service and regulatory compliance to achieve the highest level of security they can. Here are our recommendations:

The alarm bells have been sounding for years, and it’s time every company – especially those in the healthcare industry – give cyber-security the urgent attention it deserves. To reduce the frequency of data breaches, security can’t be an every-man-for-himself proposition; it’s a shared responsibility requiring collaboration between all stakeholders involved. That means companies must be willing to collaborate with each other on security protocols, educate all employees and engage them in a security culture, and help consumers understand how new security measures and behaviors benefit them. Equally important, we must dispense with the outdated mindset that heightened cyber-security creates a draconian burden for technology users. It’s quite the opposite. By finally getting security right, we can make significant progress toward a more efficient and lower-cost healthcare system for all.
