On September 16, 2019, Wigan hospital in Greater Manchester, UK, distributed 2,172 letters to former patients – and now cyber victims – related to unauthorized access to its network. After a possible data breach on the system was discovered and investigated, poor cyber hygiene was identified as the main culprit: an employee had inappropriately accessed the health record system and viewed personal information on multiple occasions. Implementation of basic access controls could have prevented this violation of personal health information.
This recent privacy breach demonstrates that cybersecurity is an increasingly important element in healthcare. In the past five years, healthcare data breaches have grown in both size and frequency, with the most significant breaches impacting as many as 80 million people. Medical data can paint a uniquely intimate picture of a person’s life, which makes the information particularly valuable to cyber actors looking to exploit victims.
As the healthcare sector continues to adopt new technologies, the volume of sensitive data that can be extracted through existing security gaps continues to grow exponentially. For example, pacemakers and other devices are routinely connected to the internet; these face the same vulnerabilities as other computer systems. The U.S. Food and Drug Administration recommends that both the manufacturer that creates the device and the health care facility that implants it take preventive security measures.
While regulators and legislation continue to support adoption of best practices to protect consumer and patient privacy rights, the healthcare sector is still underinvesting in cybersecurity. Many healthcare providers are unable to detect cyber attacks when they occur. While attackers may compromise an organization within a matter of minutes, it often takes many weeks – if not months – before the breach is detected. Often, simple technical or process controls could have prevented breaches.
To detect and prevent security incidents, healthcare providers should focus on frequent cybersecurity “checkups,” in the same spirit as the regular preventive health checkups that maintain human health. In addition, particular emphasis should be placed on the configuration of networks and on the cyber risk introduced by third-party vendors. The hidden costs of third-party vendor risk management are about $3.8 million per provider annually, according to a recent report.
As always, vulnerability management and patch management are essential to data security. To improve information security in healthcare, organizations need to hire informatics professionals who can collect, manage, and leverage data – and protect it as well. Healthcare data professionals should continue to develop new strategies and implement best practices to ensure the safety of sensitive health data, protecting patients and organizations from financial loss and other forms of harm.
About Liberty Advisor Group
Liberty Advisor Group is a goal-oriented, client-focused and results-driven consulting firm. We are a lean, handpicked team of strategists, technologists and entrepreneurs – battle-tested experts with a steadfast, start-up attitude. In 2019 Liberty Advisor Group announced the launch of Cybeta™, a suite of intelligence products and services designed to help keep your business off the Cyber X. The product suite is tested and proven to predict future breaches and will give you the business threat intelligence needed to outpace your competition in the cybersecurity battle. Cybeta was built by US intelligence-trained experts who gained their skills from decades of experience in the DoD and U.S. National Intelligence communities. In 2019, Liberty was named to the 2019 Best Places to Work in Chicago and to FORTUNE’s list of Best Workplaces in Consulting and Professional Services.