According to a new study conducted by Black Book Market Research, healthcare breaches are likely to triple in the coming year. With the growing concern surrounding healthcare cybersecurity, the study as well as cybersecurity best practices are discussed below.

2020 State of Healthcare Cybersecurity Industry Report Discoveries

The Black Book Market Research study, which surveyed 2,464 security professionals from 705 healthcare organizations, aimed at uncovering security gaps and vulnerabilities that leave organizations susceptible to healthcare data breaches.

According to the data collected, there is a 300% increase in vulnerable healthcare organizations as compared to 2020, with 60% of surveyed healthcare organizations (1,500 organizations) considered prime targets for large-scale data breaches affecting 500 or more patients.

Additional findings determined that 75% of hospitals, health systems, and other covered entities are unprepared to handle a cyberattack should they be targeted by a threat actor. 96% of surveyed security professionals stated that threat actors have become more advanced than the security mechanisms in place to protect sensitive data.

In another Black Book survey, in which 291 healthcare human resources executives were surveyed, it was reported that health IT roles can be difficult to fill, often taking 70% longer to fill than other IT jobs. An additional 66 CISOs of health systems were also surveyed, confirming that experienced cybersecurity professionals were unlikely to look for jobs in healthcare.

The gap in healthcare cybersecurity and the lack of experienced IT professionals in the health sector increase the likelihood of healthcare organizations being breached. These cybersecurity vulnerabilities were compounded by the increase in work-from-home arrangements, with 90% of healthcare workers who work remotely lacking updated security guidelines or training to help them keep protected health information secure.

Healthcare Cybersecurity Best Practices

There are several ways in which a healthcare organization can decrease its likelihood of falling victim to a healthcare breach.

Security risk assessment.

Each year, healthcare organizations must complete a security risk assessment (SRA). An SRA assesses an organization’s current security measures against HIPAA standards. This allows vulnerabilities in security measures to be identified.

To ensure healthcare cybersecurity, organizations must address vulnerabilities uncovered by completing an SRA. Remediation efforts involve creating a plan for how the organization will address security gaps.

Policies and procedures.

Policies and procedures are necessary for the protection of sensitive data. Developing work-from-home and bring-your-own-device policies is essential for providing guidelines to remote workers on maintaining data security.

Employee training.

The majority of healthcare breaches occur due to human error. As such, it is important to train employees on cybersecurity best practices, as well as HIPAA basics.
