5 cyberthreat trends to watch in health care
INSIGHT ARTICLE |
With the rapid expansion of electronic access to protected health information (PHI) and other sensitive data, as well as the increasing value and unlawful uses of such data in underground markets, the health care industry is becoming a vulnerable and attractive target for cybercriminals. At RSM’s recent webcast, Protecting your PHI from cybercrime, our presenter Joseph Benfatti, partner, risk advisory services, shared some important cyberthreat trends impacting the health care industry.* They include:
- Compliance-based security is no longer enough in the current security landscape. A combination of both federal mandates and risk assessments is needed.
- Government agencies are weighing in. Beyond the Department of Health and Human Services, agencies such as the Food and Drug Administration are weighing in on cybersecurity rules in regard to medical and radiological devices.
- Third-party hacking is on the rise. Related business entities are usually less sophisticated in regard to the Health Insurance Portability and Accountability Act and state mandates. Hackers are beginning to target these associated businesses that handle sensitive data for larger health care organizations.
- Nation-state attackers are focusing on health care information repositories. Foreign governments are now going after PHI to find high-ranking military personnel information, as well as information on corporate executives.
- State breach laws are becoming as complex as federal mandates. Additionally, there are generally different guidelines and time frames for notifications per state.
What can health care organizations do to protect themselves from these mounting threats? Benfatti’s recommendations include:
- Diligently evaluate and monitor third-party relationships
- Develop consistent, common security policies across divisions and platforms
- Implement an incident response plan with continuous monitoring
- Activate cybersecurity insurance, but be aware of the changing nature of the coverage
*Compiled from RSM research, Norse and SANS Health Care Cyberthreat Report