Cybersecurity has been a hot topic in the healthcare industry in recent years for good reason. Many practices and facilities have fallen victim to costly attacks that have not only carried financial impacts, but also interrupted patient care. It seems the news about these attacks is everywhere, but just how common are cyber-attacks in healthcare and, perhaps more importantly, what are some avoidable mistakes that increase an organization’s cybersecurity risk? Read on.
How common are cyber-attacks in healthcare?
Unfortunately, cyber-criminals have realized that healthcare data is particularly valuable, and as a result cyber-attacks in healthcare are becoming increasingly common. 45 million people were affected by healthcare cyber-attacks in 2021, an all-time high, up from 34 million in 2020, according to data from the United States Department of Health and Human Services. Compared to 2018, when just 14 million people were affected, this figure has tripled in just three years. More records are exposed per breach each year, raising the overall impact of each attack.
6 Mistakes That Could Put Your Practice at Risk of a Cyber Attack
While you may not be able to guarantee with complete certainty that your practice won’t experience a cyber-attack, there are mistakes that can increase your risk and make you more vulnerable.
- Not staying updated: Failing to update software and equipment and not staying informed of the latest trends and threats can put your organization at a greater risk of cyber-attack. To avoid this mistake, prioritize system updates and follow cybersecurity thought leaders to ensure you’re always up to speed.
- Not properly training staff: Human error is a huge factor in most data breaches, and untrained or inadequately trained employees greatly increase the risk of a data breach. This is why it’s important to create a culture of cybersecurity awareness in your organization, implementing frequent, brief training sessions to keep cyber safety top of mind for all staff.
- Failing to prepare for a cyber-attack: Most organizations will fall victim to a cyber-attack at least once. Failing to take the threat seriously and have protections and plans in place not only increases the risk of attack, but also worsens the impact when an attack happens. Organizations should assume that it’s a matter of when they will get attacked, not if. It’s important to create an incident response plan so that you’ll know what to do in the event of a cyber-attack.
- Not using secure software: Not all software has the same security standards. Using software that doesn’t prioritize security, even unknowingly, can increase your practice’s risk of falling victim to an attack. To avoid this mistake, always vet all solutions and only implement those with the strongest security protocols.
- Failing to create strong passwords: Weak passwords are an invitation to cyber criminals. Additionally, recycling passwords and using obvious passwords increase cyber risk. This is why it’s so important to create strong passwords. This means longer passwords with upper-case letters, lower-case letters, numbers, and special characters. Ideally, your password should have no obvious connection to you or your business. Finally, it’s also a good idea to use two-factor authentication.
- Failing to back up data: Not backing up data not only increases the risk of a cyber-attack, but also increases the costs of recovering data when an attack happens. To protect your practice, regularly back up data and store the backup in a separate, secure location.
With cyber-attacks becoming an unfortunate fact of life in the healthcare industry, there is at least a slight chance that any given practice could experience a breach. However, not all practices have equal odds of falling victim and the above mistakes certainly increase risk.
Knowing the potential impact a cyber-attack can have on organizations, Henry Schein SolutionsHub has worked to ensure that we’re offering vendors with secure solutions that will improve your practice’s efficiency while also keeping you safe. Additionally, we’re proud to offer Black Talon Security, a 100% US-based firm of highly credentialed security experts, who can help to make sure your practice is adequately protected against cyber-crime.