The following is a guest article by Dylan Border, Director of Cybersecurity at Hyland.
Healthcare continues to be the most costly industry for data breaches, a distinction the sector has held for 14 consecutive years.
To be fair, the average cost of a healthcare data breach has fallen by roughly 11% since 2023, according to IBM’s latest Cost of a Data Breach report. But even so, the average price tag for a data breach in the healthcare industry sits at a staggering $9.8 million. That’s $3.7 million higher than the average fallout of a data breach in the financial industry, the sector with the next most costly breaches.
The frequency of attacks is equally alarming. In 2023, an average of 364,571 healthcare records were leaked every day in the U.S. In fact, one Hyland client reports their systems are attacked 1,500 times each hour. (Thankfully, their deep defenses have prevented the attackers from being successful.)
After more than a decade of astronomical payouts and ceaseless attacks, why are many healthcare organizations still struggling to lock down their systems? Healthcare’s unique combination of sensitive data, vulnerability to disruption, and overreliance on legacy infrastructure makes it an attractive target for hackers. And the hefty ransom payouts they’re able to demand keep them coming back for more.
To break the cycle, healthcare organizations need an updated approach to vulnerability management and IT security hygiene that emphasizes proactive measures.
3 Non-Negotiables for Healthcare Information Management and Cybersecurity
Maintaining your cybersecurity posture is a 24/7 job. Threats will continue to evolve, and staying ahead of them requires constant vigilance and adaptation. However, you and your IT and cybersecurity teams will sleep better at night with these essentials in place.
Robust Vulnerability Management
Vulnerability management is an area where many healthcare organizations have room to improve. A comprehensive approach involves continuous identification, evaluation, and remediation of security vulnerabilities within your systems. Regular scanning and monitoring are essential to uncover and address potential security gaps before they can be exploited. You’ll also want to keep encrypted backups of your most essential systems stored offline. These backups should be regularly tested to verify their integrity and reliability, ensuring you can recover quickly if an attack occurs.
Comprehensive Access Management
Effective access management makes it far more difficult for bad actors to gain unauthorized access to sensitive information. Your access control strategy should include implementing strict controls that limit administrative rights to critical data and systems — the fewer people who have access to this information, the fewer entry points attackers can exploit. This approach, paired with access security features like multi-factor authentication and regular user education, significantly reduces both internal and external threats while simultaneously supporting data privacy and compliance goals.
Vendor Security Scrutiny
Partnering with third-party vendors is necessary to expand your tech stack and upgrade legacy IT infrastructure. However, it’s essential to evaluate a vendor’s security practices before you work with them. To make an informed decision, ask questions about their software development lifecycle, patching process, and ability to support you when attacks occur. Your partners should be transparent about their security practices and have a track record of taking a proactive approach to cybersecurity innovation.
Closing the Healthcare Data Breach Gap
Improving the healthcare industry’s data breach track record won’t be easy, but we can close the gap with a concerted effort to tighten defenses at every system endpoint. With proactive measures designed to stop attacks as soon as they start, your organization can keep patient data safe and bolster trust. It’s time to lead the way in setting a new standard for data protection in the healthcare industry.