70% of hospitals experienced a “significant security incident” within the past twelve months, per HIMSS survey.
If the pandemic has taught us anything, it's that malicious cybercriminals show no signs of slowing their efforts to access sensitive health information, emphasizing the need for healthcare organizations to have a data protection strategy capable of safeguarding against new and emerging cyber threats. Ransomware, in particular, has emerged as the preferred method for hackers. In 2020, ransomware attacks were more expensive than the average data breach, costing $4.4 million on average.
The 2020 HIMSS Cybersecurity Survey revealed that 70% of hospitals surveyed had experienced a “significant security incident” within the past twelve months, including phishing and ransomware attacks that resulted in the disruption of IT operations (28%) and business functions (25%), as well as data breaches (21%) and financial losses (20%). And, the number of hacking incidents reported in healthcare jumped 42% in 2020, according to a Forbes report. Hacking incidents comprised more than half of all last year's patient data breaches — 62% — up from 2019.
These unsettling figures are good indicators of how hackers targeted overwhelmed healthcare organizations, and their limited resources, amid the pandemic. It provides a fresh reminder of just how critical it is for our healthcare infrastructure to be resilient in times of crises. Just as handwashing is a foundational element of modern medicine, cyber hygiene must be regarded as a basic and essential component of a functioning medical system.
October is National Cybersecurity Awareness Month. It is an annual reminder that if everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone. This year's theme, Do Your Part. #BeCyberSmart, empowers individuals and organizations to own their role in protecting their part of cyberspace.
To a business, it is often employees who pose the most risk, making them vulnerable to cyberattacks. In a recent survey on trends in employee cybersecurity and risk awareness, 79% of respondents have engaged in at least one risky activity over the past year. More than a third (35%) had saved passwords in their browser in the last year, a similar number (32%) have used one password to access multiple sites, and around one in four (23%) have connected a personal device to the corporate network.
Despite almost all respondents (98%) having an awareness that individual actions such as clicking on links from unknown sources can open the door to theft, malware, ransomware, and a host of other security issues, only 16% of respondents felt their organization is at a very high risk of a cybersecurity attack. And nearly half of all respondents (48%) admitted that they have not received any cybersecurity training from their employers in the last year.
Ensuring the cybersecurity of your organization depends as much on end user education as it does policies and technology. A layered security strategy must include a thoughtful end user cybersecurity awareness and education program. Your organization is only as secure as your employees are aware.
At Quadax, we recognize and take very seriously our responsibility as a supplier of compliant revenue cycle solutions and to the security and privacy of our clients' data. We invest in infrastructure and measures designed to continually enhance security, privacy, availability and data integrity.
Security is more than just technology though, it's also about people and processes. There is no single security system, control, or technology that will fully protect data. Being proactive is your best offense against cyberattacks. Understand the risks and be aware of how your digital presence can impact the entire online community.
Additional Cybersecurity Resources
- Cybersecurity in Healthcare
- Insider Threat Self-Assessment Tool Released by CISA
- Top 10 Tips for Cybersecurity
- Be Cyber Smart: A guide to help you do your part