It's sad to say, but healthcare organizations are lagging in the race toward cyber resiliency. Sure, financial institutions and technology companies have, for the most part, embraced vital cybersecurity solutions. But healthcare as a whole is still far behind the curve.
Of course, that's not to say that cyber resiliency and healthcare are incompatible. There are still plenty of opportunities to do what's right for patients and practices. Thankfully, large numbers of healthcare organizations are adopting encryption, says Health Data Management.
Below, CyberPolicy looks at this encouraging trend and what it means for cybersecurity in healthcare.
Healthcare Counts on Encryption
It may have been the wakeup call the industry needed. In early 2015, Anthem Inc., an American healthcare insurance company, revealed the breach of 78.8 million records containing personally identifiable information. It was one of the largest data breaches in history; and resulted in several class-action lawsuits, which were eventually settled for $115 million.
Anthem had failed to encrypt the content of its databases. Like many healthcare related businesses, the company saw encryption of data 'at rest' as an impediment to productivity.
"Healthcare providers, in particular, were reluctant to slow response times for doctors and other staffers who frequently query databases like electronic health record (EHR) systems," writes Health Data Management. Which means hackers and cyber crooks could access this highly sensitive information without an encryption key.
Encryption works to obscure data by requiring a specific key to make the contents readable. Most forms of modern encryption continuously update this key, making the contents unreadable to anyone besides the intended recipient(s).
Implementing encryption of all data – whether in transit or at rest – is a must for any organization. Otherwise, critical data like patient information, health records, and financial information could fall into the wrong hands. This is especially troubling since most information of this type usually makes its way to the dark web. (The threat of identity theft is one of the primary reasons Anthem suffered litigation.)
Health Data Management speculates more organizations are adopting the essential technology, due to falling price points. But one might also be right in assuming the more practices adopting encryption, the more it will be seen as a vital consideration.
Then again, encryption isn't an end-all-be-all security solution. It only works to protect data from prying eyes. Healthcare organizations are still vulnerable to a litany of cyberattacks. These include malware, ransomware, password cracking, distributed denial of service (DDoS), phishing, social engineering, and other scams.
Healthcare-related businesses can stymie many of these attacks with smarter security protocols. Cybersecurity training sessions can teach employees to detect common scams before they impact your network. Other times, it's a matter of deploying the latest defense technologies.
But even with the best technologies in place, cyber scammers can still hit organizations. Fortunately, cyber insurance policies for health practices are here to help.
Defend your healthcare business against the worst consequences of cyberattack and data breach by visiting CyberPolicy today!