Consequences of Increased Cybercrime for the Healthcare Industry

November 2015

The rise in cybercrime is no secret, with news of major breaches routinely making national headlines. What many don’t realize, however, is that cybercrime is in the midst of an exponential rise across industries and the global business landscape, and that lack of knowledge is the greatest risk of all. Both the frequency and the cost of cyberattacks are growing at a ferocious rate, and the healthcare industry is not immune to the trend. With the significant increase in the use of electronic medical records (EMRs), the Federal Government has issued multiple warnings specific to the vulnerability of healthcare providers. In recent months the FBI has warned of the growing trend, singling out the American healthcare industry as lagging far behind other industries in its ability to adapt and protect.

According to the U.S. Department of Health and Human Services, nearly 1.6 million people had their medical information stolen from healthcare providers in 2014. This is worrisome not only because it paints healthcare providers as an easy target, but because the information that can be stolen from providers is widely believed to be more valuable on the black market. Medical information is routinely sold on the black market for use in everything from the purchase of ill-gotten medical equipment and pharmaceuticals to outright identity theft of creditworthy Americans. Additionally, medical information theft can be harder to detect and clean up. Unlike the financial industry’s responsibility with credit card identity theft, victims of medical identity theft often have limited legal rights to recover financial losses.

The issues of cybersecurity are challenging and complex, but far from impossible to address. Addressing those problems and overcoming them will take more than the local IT department. It will require senior management leading the charge and engaging every player within the organization, from the executive office to the most junior intern. Without top-down and bottom-up approaches working seamlessly and simultaneously, risk will grow to both the organization and those it serves. Those growing risks don’t stop at data theft and often lead to regulatory fines, loss of reputation and significant impact to a company’s bottom line. All of this is manageable with a proper assessment and mitigation plan.

There are many ways to defend against the increase of cyber threats. Performing a thorough assessment of your organization in order to highlight weaknesses and develop a strategy is a good start. Below are a few areas you should consider when conducting your own assessment:

  • Organizational culture towards security
  • Firewall and Antivirus software
  • Logical Access Control over your applications and network
  • Physical security of sensitive information
  • Strong password parameters and requirements
  • Backup policies and procedures
  • A comprehensive disaster recovery plan
  • Limited network access

While self-assessment is a good start, not all organizations have the resources or experience to lead the type of efforts needed to identify these risks. Many organizations opt for experienced third-party expertise to complete a structured, holistic review of the cybersecurity environment and provide a risk mitigation plan with detailed steps. At Baker Newman Noyes, we have professionals with experience evaluating IT environments and identifying areas that require attention. We can assist your organization with being proactive instead of reactive. For more information on our services and to inquire how BNN can assist your organization, please contact Ilona Davis or your BNN advisor at 1.800.244.7444.