Over the last decade the healthcare industry has become a leading target for hackers and bad actors. The amount of information stored in patient records is a literal goldmine for thieves who are looking to commit fraud or extort ransoms, and these targeted attacks are only increasing. So what can you do to keep your patients, hospital, and employees safe?
1. It's not enough to just "talk" cybersecurity: According to a study by HIMSS Analytics and Symantec, 82% of the healthcare organizations that participated claim to discuss cybersecurity at a high level; however, only 40% acknowledge cybersecurity as a regularly scheduled item. Rather than being looked at as a minor inconvenience or technical challenge, cybersecurity needs to be regarded as a business risk and addressed as such.
2. You get what you pay for: According to the same survey, 75% of healthcare organizations spend just 6% or less of their IT budgets on cybersecurity. Budget, staffing and skill set are the biggest barriers organizations face in achieving higher levels of security for themselves and their patients. Beyond reviewing the budget and allocating more toward cyber defense, organizations should also consider creating new roles for specific cyber risks and challenges.
3. Change starts from the top down: If your C-suite or board isn't taking cybersecurity seriously, neither will your employees. Since employees account for almost 75% of all security breach incidents, education, vigilance and regular testing can mean the difference between recognizing a phishing scam before falling victim to it and being on the paying end of a multimillion-dollar medical data breach settlement.
For more best practices, head over to HealthTech to read the original article in its entirety. For more information on creating a phishing education and training program for your organization, contact us today: firstname.lastname@example.org or (866) 797-5699.