Technology has become an essential part of the business for most industries, not the least of which is healthcare. Healthcare IT in particular, though, comes with unique and substantial security threats, and there’s never been a more important time to discuss how to navigate them. In fact, a 2015 cybersecurity survey conducted by HIMSS found that two-thirds of the Health IT professionals surveyed had experienced a recent significant security incident while, ironically, reporting average confidence levels in terms of cyber attack defense preparedness.
Organizers of 2015’s HIMSS—the nation’s largest healthcare IT conference—manned a Cybersecurity Command Center to address this concern. This year, they’ve brought the command center back to HIMSS16 and plan to increase the attention they pay to the subject of cyber security.
There are just as many reasons for this cybersecurity-focused program for healthcare’s tech vendors and any businesses involved in the continuum of care as there are potential takeaways from the info-packed 2016 conference. Let’s break it all down.
Today’s Cybersecurity Landscape by the Numbers
Besides the major finding that confidence in current cybersecurity practices contradicts the percentage of reported incidents, other telling data came from 2015’s HIMSS Cybersecurity Survey:
- 87 percent of respondents said information security was a critical business priority.
- 81 percent of respondents believed they needed more innovative and advanced tools to combat threats.
- The internal security team identified 51 percent of incidents.
- 62 percent of incidents caused limited disruption to IT systems, while 21 percent resulted in loss of patient, financial or organizational data.
Another study conducted by the Ponemon Institute, the pre-eminent research center dedicated to privacy, data protection and information security policy, revealed some alarming data. In its Annual Benchmark Study on Privacy & Security of Healthcare Data, The Ponemon Institute identified a trend toward criminal exploitation of healthcare data by way of cyber attacks – growing by 125 percent over the last five years. According to the Poneman Institute, cyber criminals recognize two facts about the healthcare industry:
- Organizations (including third-party vendors) that deal with health information manage a treasure trove of financially lucrative personal data.
- The majority of these businesses do not have the resources, processes, and technologies in place to prevent and detect attacks and adequately protect healthcare data.
Healthcare Cybersecurity Goes Deeper than Potential Data Loss
The impact of all those security incidents revealed by the 2015 HIMSS survey respondents—recall that two-thirds had experienced one—goes deeper than surface-level data loss. Should any of these instances have resulted in the compromising of the confidentiality, availability or integrity of ePHI, it would have resulted in non-compliance (or worse, a total breach) of HIPAA regulations. In both instances, severe fines and penalties could result.
Healthcare organizations and business associates dealing with the transfer or storage of health information are constantly asking questions about HIPAA compliance, and many companies in the healthcare sector have concerns about what they need to do to become, or to remain, HIPAA compliant.
There is a growing realization of the impact third-party vendors can have on the privacy and security of healthcare data. As the Ponemon Institute study underscores, today’s reality includes constant transmission of sensitive health information and the emergence of new threats on a daily basis. With multiple points of access, healthcare organizations and their business associates are at significant risk of data breaches from criminals who are becoming savvier about acquiring and exploiting personal health information.
In response, our team at OnRamp is welcoming visitors, by appointment, to discuss several of our newest offerings at HIMSS16—two of which relate directly to a need for deeper IT security measures, if not to protect against a malicious attack, then to detect it when it happens, and stop it in its tracks.
Our team attending the show will be available to discuss our HIPAA-compliant hosting solutions and several managed security services including, Advanced Log Management and Advanced Threat Management, solutions designed specifically to address today’s cyber threats and help businesses not only remain compliant, but secure as well. If your focus is on doing all you can to protect your company, your private patient data, and the security of all involved, now is the time to talk about solutions that can help achieve that goal.
What to Expect from 2016’s HIMSS Cybersecurity Command Center
According to HIMSS16, this year’s Cybersecurity Command Center at the conference will allow attendees to:
- Hear a variety of experts speak on the cyber threat landscape and how threats are being tackled.
- Attend over 28 educational sessions that will allow you to stay up-to-date on current cybersecurity issues.
- Learn the best defense strategies and newest technologies that can help keep organizations safe from cyber attackers.
- Take a number of challenges that test cybersecurity knowledge, including the Catch Me If You Can challenge on detecting advanced PHI threats, the Intel Interactive challenge covering breaches and the Find the Cyber Threat Challenge to test aptitude in the identification of tricky attack surfaces.
- Respond to the 2016 HIMSS Cybersecurity Survey that provides data on the current culture of cybersecurity among healthcare IT organizations, which will only serve to make HIMSS17 better and full of more applicable content.
What Does the Future Hold?
Without question, the future promises increasing numbers of cyber attacks. While organizations dealing with sensitive health information are beginning to make investments in the solutions needed to protect this data, the cyber threat environment is constantly changing and many businesses have little or no confidence in their ability to detect all patient data loss or theft.
This reality underscores the vital importance of staying abreast of the latest cyber security tools and industry information—many featured at HIMSS16. We hope to see you there!
Additional Resources on This Topic: