Healthcare data breaches started slowly in 2019 but saw gradual increases through January, eventually averaging one per day for the month. Of the 31 security breaches in January, hacking and other IT security incidents such as ransomware and malware accounted for more than three-quarters of the incidents. For January, a total of 483,000 individuals were affected. For the quarter, there were a total of 94 breaches. Of the 94, 60 were either hacking or an IT incident.
With these statistics constantly on the rise, are you doing enough to protect your organization? Here are four recommendations to keep your security compliant and increase cyber awareness.
3. Review and Reduce System Access: One of the biggest mistakes in healthcare organizations revolves around setting user access. It is common for users to have more access than they need to do their job, leading to several issues, including the misuse of credentials. IT should always be assessing the access needs for employees and limiting the amount of access based on these needs. Your employees should only have the bare minimum amount of access to do their jobs. This protects them and protects the organization. If you are not continually monitoring system access, then your organization is more open to a devastating cyber attack. If an employee's credentials become compromised, but access has been minimized, then a hacker can only get as far as those credentials allow.
4. Reward Awareness and Good Security Posture: If your employees are continuously trained, the opportunities that hackers have to infiltrate your organization are lessened. Proper training in maintaining a good security posture can also help employees identify hacking attempts or other cyber attacks. It is important to encourage your employees to report any suspicions they might have, with easy-to-follow procedures and rewards for doing so. While training is imperative, awareness is the most valuable asset of trained employees.
If healthcare organizations consider the four recommendations above, the chances of becoming a statistic on the HHS Wall of Shame are reduced. If an organization is successfully hacked, the financial ramifications are great, the negative publicity is high, and the confidence of the community served is low. Don’t become a statistic. Make sure cybersecurity is high on the list of priorities. Remember, only you can prevent ransomware.