Cyberattacks are on the rise and healthcare is a primary target.
During an executive roundtable at Becker's 9th Annual Health IT + Digital Health + RCM Meeting, Nelson Carreira, CDW healthcare strategist, shared strategies and best practices to help healthcare organizations boost their security posture.
Three key takeaways were:
- Cybercrime is growing, becoming more sophisticated and costly, and is increasingly aimed at healthcare. According to Mr. Carreira, the volume of cyberattacks is increasing by 71% year-over-year and 32% of all cyberattacks are in the healthcare sector. The cost of recovery after a breach at a large enterprise is $100 million and it takes 28 days to recover, according to research compiled by Mr. Carreira.
"Advanced attacks are going to get worse," Mr. Carreira said. "Deep fakes are real. Threat actors are starting to try to impersonate people. It's definitely time to add layers of protection."
- Healthcare organizations need to embrace four key components of cyber resiliency.
- Risk assessments. These are comprehensive evaluations of your environment, controls and policies based on a framework that includes feedback and remediation suggestions.
- Standard operating procedures. These procedures encompass the way you ensure employees understand the technology, tools, processes and governance of your cybersecurity system.
- Vulnerability management. Organizations need a system to monitor vulnerabilities in real time and prioritize addressing them
- Identity governance. A single silo protects identity and credentials, which successfully balances user experience with security.
- Cyber insurance and federal legislation may provide additional layers of protection. Participants discussed the availability, cost and requirements of cyber insurance programs, as well as proposed federal legislation designed to address healthcare data security.
By focusing on these four areas of cybersecurity as well as considering additional protections, such as cyber insurance, healthcare organizations can boost their security posture in this increasingly dangerous and expensive cyber environment.