Menu
…

How to protect your care business from cyberattack

Cybersecurity in the care services industry has been a growing concern over the past few years. And with the arrival of GDPR, fears about pitfalls could become more widespread [1].

The adoption of new technologies; Electronic Health Records, online patient portals and Internet of Medical Things (IoMT), bring with them new security risks [2]. Because of these, your care services business may have undergone some dramatic changes in recent years.

In 2015, over 100 million healthcare records were compromised from more than 8,000 devices in more than 100 countries [3]. And this is only likely to increase with the growing interconnectivity of modern software and devices.

Unique risks

These are some of the unique risks posed to your business:

  • Volume of personally identifiable information and health information stored on shared systems.
  • Creation and transmission of Electronic Health Records (EHRs) and Personal Health Records (PHRs).
  • Reliance on external service providers for payment processing and laboratory testing.
  • Liability for risks created by providers under regulatory statues.

The most common cyber threats for care service providers

Increase in technology

Information Systems Audit and Control Association research shows mobile devices (54%), cloud (50%), and social media (38%) as the most difficult technologies to secure [4].

Internet of Medical Things (IoMT) is one of the most recent and accepted advancements in medical technology. However, these are also one of the biggest threats of cyber risk [5]. As more of your processes to remotely access information, IoMT devices are not built with security features.

Ransomware is an example of a new and evolving data security threat which acts by breaching shared IT systems and preventing access. The cost of a healthcare data breach has been calculated at £300 per individual record, with an average of 30 records stolen per breach, making this one of the most lucrative cyber scams [6].

Limited investment in cybersecurity

65% of Chief Information Security Officers in care services believe they have “inadequate in-house expertise” to deal with a cyber security breach [7].

Cybersecurity investments in healthcare must compete with other more urgent needs. New medical technologies and equipment, staff and basic supplies are often your priority, leaving your business unprotected.

Interconnectivity

Cybersecurity protection is particularly lacking in smaller and independent practices. If you’re a small organisation, you might receive limited funding, which doesn’t sufficiently cover your cyber security needs.

With modern technology, your business is more at risk than ever. The connectivity of the care services industry, makes your small business an easy way to breach larger organisations by accessing their data through your systems [8].

How to prevent cyber attacks

Did you know that 47% of business technology professionals do not consider their organisations leader to be digitally literate? [9] By taking these few simple actions could help protect your business against cyber threats:

Educate

Every member of staff, from doctors to administrators, plays a role in keeping your organisation secure. But many are not aware of how their day-to-day activities might open the doors to a data breach. Education for your staff is essential in protecting against CEO and dishonesty fraud. Your staffs’ knowledge on what to watch out for and the processes in place if there is a cyber breach should be evaluated.

Create cybersecurity policies

A good cybersecurity policy is essential in managing security throughout your organisation. Over 60% of providers don’t have an effective Identity and Access Management (IAM) policy in place, leaving them wide open to an external breach[10]. We are able to help you write your policy with our expert risk management knowledge.

Cyber threat assessments

A cyber threat assessment enables you to see how your staff are using applications. It not only helps ensure that cybersecurity policies are being followed, but improves compliance and patient data protection [11].

You should also assess the potential financial cost of a cyber-attack, build a model to quantify costs of a data breach and create an assessment for loss arising from data loss.

Why your standard insurance policies won’t protect against a cyber attack

Though your existing policies may offer some level of coverage, they are unlikely to cover in the event of a cybersecurity breach.

Your basic insurance will usually cover:

  • General liability: covers injury and property damage, not economic loss.
  • Errors & omissions: covers economic damages resulting from a failure of defined services only - excluding data and privacy breaches.
  • Property insurance: covers tangible property only.
  • Crime: covers employees and tangible property. Offers no cover for third party property, including customer/client data.

Your basic insurance doesn’t usually protect you if you’re the victim of a breach. Having cyber security cover will help you with disaster recovery, should a breach happen. 

Jelf offer various Care Insurance packages to care services professionals as well as Cyber Liability Insurance to help protect your organisation against the risks posed by cyber security.


Sources:

  1. https://www.goanywhere.com/blog/2018/02/06/2018-cybersecurity-concerns-in-healthcare 
  2. https://www.fortinet.com/blog/industry-trends/minimizing-cyber-risks-as-healthcare-providers-increase-technology-use.html
  3. https://resources.infosecinstitute.com/category/healthcare-information-security/healthcare-cyber-threat-landscape/top-cyber-security-risks-in-healthcare/#gref
  4. https://healthitsecurity.com/news/iot-security-top-concern-for-business-technology-leaders
  5. https://www.fortinet.com/blog/industry-trends/minimizing-cyber-risks-as-healthcare-providers-increase-technology-use.html
  6. https://www.hipaajournal.com/ponemon-institute-publishes-2016-cost-data-breach-study-3470/
  7. https://healthitsecurity.com/news/67-of-cisos-believe-a-cybersecurity-attack-will-happen-in-2018
  8. https://www.calyptix.com/hipaa/10-biggest-problems-in-healthcare-cybersecurity/
  9. http://www.isaca.org/About-ISACA/Press-room/News-Releases/2017/Pages/2017-Digital-Transformation-Barometer.aspx
  10. https://www.goanywhere.com/blog/2018/02/06/2018-cybersecurity-concerns-in-healthcare
  11. https://www.fortinet.com/blog/industry-trends/minimizing-cyber-risks-as-healthcare-providers-increase-technology-use.html
Tags
Share this