- September 30, 2020
- Posted by: Pat Riot
- Categories: CyberSecurity, Healthcare
Healthcare’s digital transformation came as a direct result of the enormous uptick in cyberattacks. Everything was on a server, but hardly anything was protected. Healthcare and other industries then began adopting virtual storage in the cloud. The storage was great, the efficiency was great, and then someone got hacked. Fast forward to today, and healthcare organizations incorrectly manage security compliance as a subset of medical compliance. Doing so indirectly pushes cybersecurity into the back seat and consequently leaves the organization vulnerable. The healthcare community has fallen behind other industries in protecting its main stakeholders: patients. Hospitals have been trusted for centuries to protect and treat patients. But how did their protection from disease and injury turn to data protection and information security?
One of the biggest reasons healthcare has fallen behind is the nature of the industry itself. Healthcare has long been highly fragmented, and many organizations have outsourced multiple areas of their operations (billing, customer services, research, etc.), which has further perpetuated the problem. Due to poor communication, transparency and effort, they have become one of the most common victims of cybercrime. Healthcare outsources daily operational tasks in exchange for ‘efficiency’ and ‘cost effectiveness’, but it often comes at the expense of security. Third-party vulnerabilities expose healthcare organizations to uncontrollable security risks. Most recently, this can be seen with Inova Health and Blackbaud, with the problem starting with the accessibility of the data itself. There isn’t a single hospital that doesn’t have mobile EHR information, which solves the need for multiple parties to have immediate access to various medical records and data. Doing so ensures that convenient access takes precedence over basic authentication and authorization security. If this continues at the current rate, data breach insurance premiums will soon rival medical malpractice premiums.
One side of the conundrum is that everyone is telling the healthcare community to innovate, adapt, and evolve into a digitalized society. Yet one of the biggest reasons they are an easy target is the vulnerabilities that third-party vendors present if they aren’t secured properly. The other side of that conundrum is that outsourcing can truly reduce time, lower cost, and increase efficiency. You see, when people tell the healthcare community to innovate, they are correct, but they also forget to tell them to check the security of it. Technology is only as beneficial as the security behind it. Otherwise, you are just using a “Trojan horse” of sorts for someone else to gain access. Cybersecurity is not just one-sided. It is for this reason that Steel Patriot Partners delivers an entire cybersecurity and compliance operations department. In as little as 8 weeks, we could increase your security posture by 80%, save your organization an average of 45% and complete the transformation in 25% of the time it would take to hire, train, supply and integrate an in-house department. Our services are tailored to each one of our clients, giving you full control from the very start.
If any of the topics covered in this post caught your attention, or you would simply like to inquire how you can start a cybersecurity conversation, give us a follow on social media (Facebook, Twitter, LinkedIn), send us an email, give us a call at 703-297-4405 or contact us directly! Regardless of the method you choose, we look forward to hearing from you and, as always, we appreciate your time reading our content! Stay blessed and stay secure!