Navigating an Escalating Digital Crisis: A New Threat to Healthcare Workers
Since the inception of the internet, there has been a growing need for cybersecurity. But where is the most significant requirement for protection? In most cases, banks, government services, or large corporations may come to mind. While there is always a need for cybersecurity in these fields, there is a faster-growing breach of security in none other than the healthcare field. Hospitals and other healthcare systems store vast amounts of personal data as well as our most sensitive information. However, there is one aspect of security breaches in healthcare that is seemingly overlooked—employee data.
Since the focus of past attacks has generally been on patient data, security in that area has improved, ultimately leading to employee data being an easier target for hackers. This problem will only continue to fester unless organizations begin a holistic approach to applying security in healthcare; patients and employees deserve equal and adequate protection.
What makes cybersecurity in healthcare so tricky? According to cybersecurity professionals, 34% of healthcare organizations' budgets did not significantly change to meet the demand. As a result, vulnerabilities grow while the cost needed to fix them stimies. Another major problem is the human factor; many organizations have not implemented basic security controls. Overall, there is not enough support for cybersecurity in healthcare to protect data from threats.
Protecting Your Workforce
If your employees aren’t adequately protected, how would potential customers be able to trust that their private information is safe? Even with the significant improvements made in the last decade in protecting patient information, bad news spreads quickly. If a potential customer sees that there was a data breach, they may not trust that they will be safe.
A recent cyberattack on Red Cross compromised the data of over 515,000 people. While there has been significant efforts to secure patient data and privacy, employees in the healthcare field have recently suffered the consequences of weak protection.
On December 11th, the Ultimate Kronos Group suffered a ransomware hack from an unknown entity. This attack knocked down the Kronos Cloud widely used for workplace management. This has especially impacted the healthcare industry, as many of the patient scheduling softwares have been deactivated, as well as employee pay. This attack has also leaked employee social security numbers, location of work, and contact information to the hackers.
Ransomware: What Is It, and What Can We Do About It?
One of the most common attacks on healthcare systems is ransomware. Ransomware is malware that attackers can deploy into their victim’s computer network to encrypt (lock) their files. The only way to regain access to your data is to pay the ransom. However, there is no guarantee that you will regain access.
So, do you pay this ransom? This is a complicated situation that requires quick and decisive thinking. On average, only 65% of data is recovered when the ransom is paid off, and the risk of the attacker leaking/selling the data still remains. In some cases, paying the ransom could be considered illegal. It is also important to note that paying the ransom incentivizes the attackers to continue to target your organization.
The best insurance to have in this predicament is to have secure backups in place—in the cloud or on a local drive. It is also important to regularly test restores on all essential business data. Being well prepared for a ransomware attack allows you to better respond to the situation should it occur.
How Do I Begin Preparing?
As cyber threats continue to grow, getting a jump start on securing your data is imperative. But how do you start this process? Here are some elements to consider:
- How fast can I get a risk assessment performed to determine the security program in place is sufficent?
- Can I trust those I hire to keep my company and employees’ information safe?
- Am I training my organization in ways to protect the business?
- Will they be readily available for us if we get attacked?
- Can they adapt to threats and business changes as they arise?
These are important matters that could drastically affect the safety of your companies, employees, and patients’ data. When you begin the journey to secure private information, consider utilizing the services of a partner that specializes in providing digital innovation to advise your security efforts. With hundreds of cybersecurity specialists by our side, we at Oxford are here to help you embark on your journey to securing your company.