The Verizon PHIDBR: A Wake-Up Call for Healthcare Organizations
The healthcare industry continues to be challenged with securing patient health information. According to the Verizon Protected Health Information Data Breach Report (PHIDBR), 58 percent of all security incidents involved insiders, ransomware accounts for 70 percent of all malicious code, and, alarmingly, basic security hygiene is still lacking at many healthcare organizations.
PHI breaches are a security challenge at large healthcare systems and smaller healthcare organizations alike. In other words, all healthcare organizations, including health insurers, must take steps to ensure that PHI is secure, as susceptibility to an attack does not depend on the size of the organization.
As a result of increasing risk to patient health information, healthcare organizations must make greater investments in securing their critical assets.
Although healthcare has long had a reputation for lacking the resources to invest in cybersecurity, the increasing risk to patient care and safety makes it essential that healthcare organizations weigh the cost of a breach against the upfront investment in securing PHI. In the event of a breach, healthcare organizations incur not only the costs associated with HIPAA fines but also the attendant costs of notification, credit report monitoring for affected patients and reputational damage, which leads to the loss of patients. It is imperative that healthcare organizations not view cybersecurity measures to protect PHI as solely the responsibility of the CISO. The fallout from a cyberattack affects the entire healthcare organization.
To that end, there are a few critical steps that healthcare organizations must take to secure PHI and ensure patient health and safety.
Visibility
Ensuring that patient health information and critical assets are secure from cyberattacks starts with visibility. Healthcare organizations must have visibility into unauthorized changes and misconfigurations on all critical assets — including EHR systems — that could lead to (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Onyeka Jones. Read the original post at: https://www.tripwire.com/state-of-security/healthcare/verizon-phidbr-healthcare-organizations/