Healthcare & Long Term Care Cyber Hygiene
It’s no secret there has been an increasingly sophisticated and widespread effort to target the healthcare industry with cyber-attacks. Your industry is one of the most desirable industries to cyber criminals due to the valuable personal information you store.
You may think that cyber-attacks only affect large hospital organizations, but statistics actually show that 58% of malware attacks are on small businesses (2018 Data Breach Investigations Report). Hackers see these smaller organizations as targets that require less time and effort and still have money to exploit.
Some of the most common and current cybersecurity threats to the healthcare industry include:
- Email phishing attack
- Ransomware attack
- Loss or theft of equipment or data
- Accidental or intentional internal attacks
Cyber Measures Healthcare Organizations Must Have in Place
Given the trend in threats targeting the healthcare and long term care industry, cyber insurance carriers are more cautious than ever to safeguard themselves. Carriers are verifying that the most basic security measures are in place to determine both insurability and rate at your next renewal.
- Multifactor authentication (MFA) on email, remote access AND privileged users as an extra layer of security to verify the identity of the person trying to gain access to an account.
- Data management, backup strategy and security can vary and carriers want to know more. Out-of-date backups or backups that aren’t segregated aren’t worth much when you experience a system-wide compromise. It’s important to implement a proven and tested data backup and recovery process. Even if your organization outsources data management, it’s good to make sure that your vendor has access controls in place and that you are running security checks on your vendors.
- Privileged Access Management (PAM) sets policies and procedures to ensure the security of sensitive data and special access permissions for users, accounts, processes and/or systems.
- Endpoint Detection and Response (EDR) for continuous and automated real-time detection to respond to cyber threats like ransomware and malware. Firewalls and antivirus software alone are no longer enough for today’s advanced cyber criminals.
- Regular employee education & training. Threats are not only external, but internal, with one of the leading causes of loss being human error. On average, a person receives 80 emails per day. Train staff to recognize suspicious emails and when a call to action is needed.
- Email filters (aka spam filtering) that flag spam/phishing content and automatically move it to a separate folder.
Key Takeaways
Healthcare organizations are being targeted by cyber criminals at a growing rate due to the valuable personal information they store. At the same time, cyber insurance carriers are becoming more cautious of insurance placement, and are requiring organizations to have security safeguards in place in order to obtain coverage.
Healthcare organizations would be well-served to evaluate their current security programs and plans, and update them to current standards in order to obtain reasonable cyber insurance coverage at their next renewal.
Reach out to your M3 account executive to discuss your current cyber coverages, or risk management practices you can put into place in order to better protect your organization, employees, and patients.