How secure is your practice? Are you a target for cybercriminals? According to a recent survey by the Healthcare Information and Management Systems Society (HIMSS), practices around the country are neglecting their cybersecurity and leaving themselves open to attacks. Could you do more to protect your patients and your practice?
Before we get into some of the most common healthcare cybersecurity mistakes that HIMSS found, let’s talk about why more practices don’t make cybersecurity a bigger priority and why that is a major mistake. HIMSS Director of Privacy and Security, Lee Kim, says, “As recent as five years ago, you would hear people saying that people wouldn’t want to attack a healthcare facility because they didn’t believe anyone would want to do harm to the patients.”
While we’d all love to think that cybercriminals would avoid targeting healthcare practices, that’s just not the case. According to Ericka Chickowski at the information security news site DARKReading, cybercriminals can get major rewards for healthcare information. Individual medical insurance IDs that have valid prescriptions go for $0.50 each. “Fraudulent tax returns based on stolen medical records [are worth] $13.40,” Chickowski says, “And fake birth certificates based on data stolen from medical records [sell] for $500.” And if a cybercriminal gains control of your entire EHR database, they may be able to sell that information for up to $500,000.
With prices like these on your patients’ information and your EHR data, there’s no denying the importance of cybersecurity for your practice. So, how can you improve your practice’s security? Let’s look at a few of the most common mistakes practices across the US are making today.
No Anti-Malware/Antivirus Software
Per the survey, 84.9% of acute healthcare providers reported using antivirus, anti-malware, and/or firewall software to protect their systems. This percentage might seem high, but HIMSS was hoping this number would be more than 99%. Running this software is the most basic (and, potentially, most important) thing you can do to protect your practice against intrusions.
Failing to Manage Patches and Vulnerabilities
Hackers are always looking for vulnerabilities in software systems. If you aren’t up to date on the latest patches and updates for your security software, you could be opening your system up to an attack. According to HIMSS, only 61.3% of providers had programs in place to manage patches and vulnerabilities.
No Intrusion Detection System
So, what happens if a hacker does gain access to your system? How soon will you know that something is wrong, and how quickly can you close the breach? By operating without an intrusion detection system, nearly 43% of acute providers in the US put themselves at a higher risk for catastrophic breaches.