October 24, 2019
Why the Biggest Threat to Your Health Could Be Cybercrime
October is National Cybersecurity Awareness Month. While companies across all industries ought to be concerned with protecting data, it is particularly important to do so in healthcare. For nearly ten years, Aria has served as the public relations agency of record for CynergisTek, a leader in cybersecurity, privacy, and compliance in healthcare. As a result, we’ve become particularly attuned to the various risks and threats that healthcare providers, health IT companies, and patients face every day. Here are a few reasons why healthcare organizations need to prioritize the privacy and security of the data they manage, this month and beyond:
Healthcare data is valuable
Most healthcare professionals intrinsically know that health data is valuable, in part because the federal government made efforts to protect it by signing HIPAA into law over 20 years ago, which established standards for protecting electronic health data. Cybercriminals seek out this information for a variety of reasons. Beyond stealing and selling social security numbers, hackers can use health data to obtain fraudulent medical care for themselves and land the victim with the bill. Sensitive information can also be used for more sinister purposes such as extortion or blackmail. (You may recall that same-sex dating app Grindr faced a public relations crisis last year when it was discovered that it was selling unencrypted user data, including HIV status, to third-parties.)
There are serious clinical implications after a breach, as well. A health system cannot always discern which data has been changed or compromised. If providers can’t trust a prior health history or prescription list, for example, this can pose legitimate medical consequences.
Healthcare breaches are costly
In addition to the clinical impact, cybercrime in healthcare, like any sector, of course brings with it financial burdens. According to a study by IBM and the Ponemon Institute, data breaches in healthcare cost an average of $408 per record. Not only is this higher than in any other industry, but it is actually nearly three times higher than the average cost of a breach across all industries, from finance to retail. In fact, by some estimates, the average cost of a healthcare data breach in the U.S. totals $15 million.
While there are immediate costs associated with a breach, the effects can be felt by the impacted organization for years. For the past five years, loss of business following a breach has been the biggest cost for the affected entity, across all industries. On a more positive note, provider organizations can minimize the fallout if they are forthcoming: 90% of patients say they would be lenient after a breach if the affected organization had a communication plan in place to notify patients. This suggests that with some strategic damage control, healthcare entities can regain the public’s trust.
New risks continue to emerge
It’s no secret that healthcare is undergoing a massive technological shift, and largely for the better. Providers and patients alike have access to myriad connected communication modalities to deliver and receive care, from telehealth and patient portals to remote patient monitoring. However, with new technologies come new risks. It may sound far-fetched and dystopian, but a successful hacker with nefarious aims could damage the efficacy of a medical device if not properly secured, for example. (This was the subject of an episode of Homeland, where the Vice President was assassinated after his pacemaker was compromised.) As cybercriminals become more refined, medical providers need to consider potential threats from every angle as they introduce new technologies into their practice—for the health of their business and most importantly, that of their patients.
Now that I’ve sufficiently scared our readers, those interested in learning about the public relations work we’ve done in the healthcare cybersecurity space or any other industry niche can email firstname.lastname@example.org to learn more about our services—for the good times and the bad.