The extent to which cyber crimes are damaging organizations far and wide is still unfolding. The medical industry remains a prime target because they don’t often have the proper security in place to address such issues, and criminals place a high value on the information stored on their servers.
In many of these organizations there remains an inadequate culture of security, with hospitals or employees seemingly failing to follow best practices. This is either due to a lack of education, or the belief that the effort, including the cost of cyber security insurance in order to address the problem, is simply too burdensome. The rise in cyber attacks demonstrates that such education is vital and the cost to defend against these attacks is well worth it.
Many aspects of healthcare cyber security remaining unregulated
Federal regulation currently leaves healthcare developers and organizations to their own devices, so levels of interest and investment vary widely within the industry. In terms of IT, one basic issue that remains is a lack of data encryption.
Most clinicians working at hospitals and healthcare facilities will cite poor password selection and protection as a major concern, including the practice of working around them by sharing passwords, even posting them on monitors for all to see. Nearly half of the healthcare data breaches in 2016 were a result of insider threats, both unintentional and malicious, according to a report by Protenus, only adding to the problem.
Another serious issue that continues to be seen as a huge concern is the accidental exposure of patient data via IT snafus by hospitals or their vendors. The issue can stem from something as simple as making adjustments to network settings, which can leave a system open and vulnerable without anyone being the wiser.
Medical devices offer access to criminals
The issue of cyber security extends beyond primary computer systems to less obvious technologies that can provide back doors for hackers. A thief with the proper knowledge can use bedside monitors and scanners that connect with other hospital systems in order to gain access and steal information. Having cyber security insurance cannot prevent a breach from occurring, but it does provide assistance once an attack has occurred. Your clients need coverage to maintain operations during difficult times.