As cyberattacks increase in rural and critical access hospitals, IT budgets are stagnating (or even shrinking). With limited staff and little direction for IT initiatives beyond EMR system maintenance, rural healthcare is facing a bigger dilemma in 2018 than ever before: how can patient data be kept secure?
More than 90% of healthcare organizations have experienced some sort of data breach since September of 2016, and nearly half of organizations have had at least two breaches during that timeframe.
Why the increase in attacks on healthcare?
As I’ve mentioned before, in the current marketplace, the value of medical records far exceeds that of other personal information. Since the Equifax breach last year, the value of Social Security numbers has plummeted because there are just too many out there to have any real value.
On the other hand, the value of health records remains strong—nearly $1200 per record. If you had the choice of hacking a healthcare office or hospital or any other office, which might you target?
96 percent of cyber security professionals agree that data attackers are targeting medical facilities—especially those with limited or no apparent investment in IT and data security.
The number one reason for hospital data breaches?
Budget constraints. Nearly 70% of hospitals facing data breaches have reported that budget limitations are the number one reason why they fall victim to data breaches or ransomware attacks. Many say that because we cannot increase our IT budgets, we have to protect ourselves with what we have.
But are budget constraints really the reason behind under-protected hospital networks?
Cybersecurity experts acknowledge that factors such as budget constraints limit cybersecurity efforts, but most identify the lack of a focused security initiative as the number one reason rural hospitals fall victim to attacks.
The cold truth is that budget limitations are NOT necessarily the major reason for having an under-protected network that falls to data breaches and cyberattacks.
The real reason lies in not optimizing resources to confront current security demands. Here are 3 big examples where your hospital may be spending money on security, but might not actually be protecting your staff and patients from data breaches and ransomware attacks:
Layering new technology on old—even hospitals with strained budgets have invested some money in their cybersecurity. And most hospital IT departments end up purchasing new routers, email filtering programs, or software without addressing legacy systems and hardware. The problem with doing this is that the issues and security vulnerabilities with legacy systems—say having an old operating system on your server or using dated equipment—may be the very vulnerabilities cyber criminals are looking for when plotting their next big attacks.
No prioritization of security risks—instead of figuring out which security risks are the biggest, most IT departments prioritize issues based on when they pop up. Even though you might have serious patching that needs to be done on your network—some of which may open your network up to big ransomware attacks—your IT department may not have gotten to patching yet because getting a printer online came up as an issue before a recent patch.
Most IT Departments do not prioritize issues based on the risk of data exposure, data breach or hack, which leaves them even more vulnerable when cybercriminals are targeting organizations like yours.
No plan for recovery—without a backup plan, many IT Departments are simply concerned with day-to-day operations. Even when they have a backup and disaster recovery plan, they might not have tested it in years (since they first implemented the initiative). The problem with this is that cyberattacks are always unexpected. Most hospitals that go down for weeks on end have never tested their backup and disaster recovery systems and processes. If you have no process or have not tested that process recently, you are making a potential disaster harder to recover from (and even when hospitals recover, they often are at greater risk of getting sold to the highest bidder!).
With hospital budgets stagnating for the past several years, many administrators are in a bind: do I invest more in cybersecurity, or do I make sure my hospital is dedicating resources to making sure that patients are getting the best care possible?
Is your hospital struggling with keeping up with the latest ransomware attacks? Do you understand where you’re spending your money? Are you sure you’re allocating investments that actually will keep your hospital safe?