The Impact of Cyber-Attacks, and how Healthcare Organizations can protect themselves
Cyber-attacks have become an increasing problem for healthcare organizations, and according to the 2016 HIMSS Cybersecurity Survey, more than 85% of respondents reported that information security has increased as a business priority.
When a healthcare organization falls victim to a cyber-attack, the effects are wide-ranging and impact:
1. The hospital’s finances
2. The hospital’s reputation
3. Patient safety
4. Availability of IT programs, which can hinder patient care
5. The privacy and security of patient and employee information
I recently had the opportunity to work with a small group of cybersecurity experts to help develop the HIMSS Cybersecurity Position Statement, which aims to fortify the healthcare community against cyber-attacks.
Together, we’re recommending three things that the nation can do to proactively prevent cyber-attacks on healthcare institutions:
1. Adopt a Universal Information Privacy and Security Framework for the Health Sector.
HIMSS recommends NIST’s Cybersecurity Framework, which all Imprivata products are certified in. This framework was developed in response to Presidential Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”, and aims to reduce cyber risks through standards, guidelines, and best practices to promote the protection of critical infrastructure.
2. Create an HHS Cyber Leader role.
With a cyber leader role in the U.S. Department of Health and Human Services, there will be a person to champion cybersecurity efforts, and establish a plan to combat cyber-attacks in the health sector.
3. Address Shortage of Qualified Cybersecurity Professionals.
One way to prevent cyber-attacks is to understand how they happen. With more personnel appropriately trained and educated in cybersecurity, attacks can be prevented.
With the help of this framework, we hope that healthcare organizations will come together as an industry to successfully thwart cyber-attacks. As a united front, the healthcare industry will be harder to infiltrate, and will become less of a target by cyber criminals. Version 1.1 of the Cybersecurity Framework is expected to be released in early 2017, and will include updates that will enhance the Framework and make it even easier to use.