The healthcare industry is the most commonly targeted industry for data breaches, with one report from 2017 finding that healthcare breaches accounted for over 40% of that year’s reported breaches. An earlier report found that there was an average of at least one health data breach per day in 2016, and that these attacks affected more than 27 million patient records over the course of the year. Experts warn that these attack attempts will continue to increase as long as there is valuable data that can be accessed.

Cyber attacks against healthcare organizations create significant financial implications and threats to public health. In 2016 alone, the United States healthcare system lost $6.2 billion due to cybersecurity-related events. As a way of addressing this potential crisis, the Department of Health and Human Services (HHS) released brand new guidelines pertaining to cybersecurity practices for the healthcare industry. The aim of this release was to give healthcare providers additional resources to help cost-effectively reduce cybersecurity risks. HHS describes the voluntary guidelines, called ‘Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,’ as “cost-effective methods that a range of healthcare organizations at every size and resource level can use to reduce cybersecurity risks.”

HHS put together a task force of more than 150 health care and cybersecurity experts from the public and private sectors to develop and draft the “voluntary, consensus-based, and industry-led guidelines, best practices, methodologies, procedures, and processes,” aimed at achieving three core goals:

  1. Reducing cybersecurity risks for a range of healthcare organizations in a cost-effective manner.
  2. Supporting the voluntary adoption and implementation of HHS recommendations.
  3. Ensuring that content is actionable, practical and relevant to health care stakeholders of every size and resource level on an ongoing basis.

The guide identifies the five current cybersecurity threats that are facing the healthcare industry.

The top five current threats are:

  1. E-mail phishing attacks
  2. Ransomware attacks
  3. Loss or theft of equipment or data
  4. Insider, accidental or intentional data loss
  5. Attacks against connected medical devices that may affect patient safety

The guide also recommends best practices for mitigating cybersecurity threats, which are consistent with the National Institute of Standards and Technology (NIST) “Five Functions” system.

The ten best practices for mitigating cybersecurity threats are:

  1. E-mail protection systems
  2. Endpoint protection systems
  3. Access management
  4. Data protection and loss prevention
  5. Asset management
  6. Network management
  7. Vulnerability management
  8. Incident response
  9. Medical device security
  10. Cybersecurity policies

The guidelines put forth by HHS provide valuable information on critical threats related to the health sector. The frequency of cyber attacks on healthcare organizations makes it essential to continuously strengthen cybersecurity and more effectively tackle cyber threats. It is crucial for healthcare organizations to prioritize cyber risk services and cybersecurity efforts in order to reduce patient privacy risks, better protect patient safety and preserve their organizations’ reputations and finances.

About Highland Risk Services

At Highland Risk, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. With offices to serve you in Chicago, Illinois and Phoenix, Arizona, we do everything we can to make your experience with us as professional and transparent as possible. To learn more, contact us at (877) 890-9301.