Feb 13, 2019 12:00:25 AM
Making Cybersecurity in Healthcare a Business Issue

It’s no secret that the healthcare industry is an ideal target for cyber criminals. Digital transformations are underway; the value of the data is immense; and while breaches in healthcare are generally higher than other industries, digital security funding is a low figure relative to the potential damage a breach could cause.

But breaches happen all the time and the IT heroes working in the trenches spend their work lives on edge. They know what’s at stake. They live it every day.

Getting the rest of the organization to have the same healthy level of worry can be challenging. In order for HDOs to make headway against cyber threats, healthcare cybersecurity must become a priority for everyone across the organization. To achieve this, risks must be recognized as not just an IT issue, but an organizational one. And the language used to communicate these risks must be translated from IT-speak into business terms.

So what resonates the most with healthcare organization influencers and senior executives?

Numbers.

Stat #1: Healthcare data breaches jumped 70% between 2010 and 2017

Not only has the number of breaches dramatically increased, but those breaches have resulted in the loss, theft, exposure or disclosure of over 176 million electronic health records (EHR).

Yowza. If this doesn’t catch the eye of your board or C-suite, then folks aren’t paying attention.

But your competitors might be. Investing in a comprehensive health information security plan that covers every person, application and device across your organization could be a differentiator for future funding, patient admissions, and even press coverage.

Healthcare sector budgets are often siloed into departments. Consider centralizing them or having every budget incorporate a line item for digital security. What better way to get engagement than asking everyone to contribute?

Invest in the right technology for digital security with a fixed-fee or all-inclusive model. For example, a recent study by the Ponemon Institute and Keyfactor found that pricing models often prevent organizations from securing every digital identity in their organization. You’ll feel confident knowing that everything is covered by the budget you’ve set aside.

Stat #2: Healthcare cyberattacks cost an average of $1.4m in recovery efforts

The cost of cyberattacks has increased to $1.4 million . Is “recovery” even a line item on your budget?

Senior management and even the board may not be interested in taking on a budget increase for something that hasn’t happened yet. So assemble an internal team of champions who can build the business case for preventative investment.

These advocates could be a team of doctors, surgical staff, administrators – and of course, your on-the-ground IT staff are ideal SMEs to tell the story of a breach: productivity losses, downtime, upset consumers / patients, and long-term impacts to infrastructure.

Stat #3: 58% of breach attempts involve inside actors

That’s a whole lot of risk potential from inside the walls of your organization. While thefts like stealing a laptop or hijacking credentials to obtain important data are generally driven by financial opportunities, sometimes a threat can come from an employee who just makes a mistake.

By following guidelines and industry expectations, you should be reducing risk both inside and outside your organization. Regular cadences and audits on log files, pending digital certificate expirations, personnel changes and regulatory updates detect issues that could stem from internal sources.

Getting your entire organization to understand the magnitude of threats, reasons for prevention, and remediation options can help you build a committed team of cybersecurity enthusiasts outside of IT.

For even more statistics, download our latest infographic: Digital Security in Healthcare: The Top Ten Reasons You Need a Check-Up.

VIEW THE INFOGRAPHIC