Preparing for the Inevitable: Protecting Hospitals and Physician Groups From


If you work in health care, you already know why your records are valuable: a single PHI record sells for as much as $1,000 on the dark web, compared with about $5 for a credit card number and $1 for a Social Security number. That price gap explains the attention.

Some authorities estimate that ransomware cost the world $20 billion in 2021, and that figure is projected to reach $265 billion a year by 2031.

With October being Cybersecurity Awareness Month, it is a good time to evaluate your incident response plan and the other controls that reveal where you are strong and where you are weak. The sensitivity of the data collected, combined with a very low tolerance for system downtime, makes health care a prime target for cyber crime. A health care provider is more likely than not to be successfully attacked at some point. The question is how that plays out.

Worst case, you suffer a breach and successful ransomware attack.

If it is not ransomware but simply a breach or unauthorized access to your data, you must assess and respond to the breach and comply with HIPAA, including its audit and notification requirements.

In either case, once you get through the initial minefield, you must determine whether you have a duty to notify the HHS Office for Civil Rights (OCR), and you may then face fines, other sanctions, or a resolution agreement with a corrective action plan, OCR's counterpart to the OIG corporate integrity agreement.

Why it matters

  • Your systems, operations, patients and reputation will be impacted.
  • You might have legal and regulatory exposure and legal liability.

What are the bare minimums that you need to protect yourself against bad acts?

  • Multi-Factor Authentication – require a second factor for every remote login (VPN, remote desktop, email, EHR portal) so that a stolen password alone does not get an attacker onto your systems.
  • Software Updates – enable automatic updates for operating systems, browsers and security software on servers and workstations so patches are applied as soon as they are released, and verify that they actually install.
  • Phishing – 80 to 90% of ransomware attacks start with some form of phishing. Attackers need working credentials or a foothold, and a phishing email is still the easiest way to get one. Run a phishing exercise now to see how many people click the link; the result gives you a baseline to measure training against.
  • Review Access and Rules – look at who has access to your systems and which records they can reach, and remove any access that a person's role does not require.
  • IT/Cybersecurity Team Members – bring your IT and cybersecurity staff into decision making. The days when IT only kept servers and monitors running are over; they must own security as well. Keep experienced cyber counsel on the team, because if a breach occurs, response and remediation must begin immediately.
  • Test Back-Ups – test now. Having a backup is not the same as being able to restore from it: restore your data onto a clean system and confirm that it is complete and usable before you need it.
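The last item is the one most often skipped, so here is what a restore test looks like as a script. This is an added example, not code from the original article or from any vendor it mentions. It assumes a backup format of a tar archive shipped with a JSON manifest of SHA-256 digests, a 26-hour freshness threshold, and a handful of constructed sample files standing in for a practice's data. It restores the archive into a scratch directory, hashes every restored file against the manifest, and reports anything missing, corrupted or stale, which is the difference between "we have a backup" and "we can recover". The damaged archive built alongside the good one shows how a backup that silently went bad is caught.

```python
"""Restore-and-verify drill for a tar backup with a SHA-256 manifest (added example)."""
import hashlib
import json
import tarfile
import tempfile
import time
from pathlib import Path

# Constructed sample data standing in for a small practice's nightly backup.
SAMPLE_FILES = {
    "ehr/patients.csv": b"mrn,name,dob\n1001,A. Patient,1970-01-01\n",
    "ehr/encounters.csv": b"mrn,date,code\n1001,2021-10-01,99213\n",
    "config/app.ini": b"[db]\nhost=db01\n",
}


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest_for(root: Path) -> dict:
    """Map each file under root (POSIX relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def build_sample_backup(workdir: Path, damage: bool = False):
    """Write the sample files, record a manifest of what we intended to back up,
    then archive them. With damage=True one file is truncated and another deleted
    before archiving, simulating a backup job that silently went wrong."""
    src = workdir / ("source_damaged" if damage else "source")
    for rel, data in SAMPLE_FILES.items():
        target = src / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    manifest = manifest_for(src)
    if damage:
        (src / "ehr/patients.csv").write_bytes(b"mrn,name,dob\n")  # truncated mid-job
        (src / "config/app.ini").unlink()                         # never copied
    archive = workdir / ("damaged.tar" if damage else "nightly.tar")
    with tarfile.open(str(archive), "w") as tar:
        for p in sorted(src.rglob("*")):
            if p.is_file():
                tar.add(str(p), arcname=p.relative_to(src).as_posix())
    manifest_path = archive.with_suffix(".manifest.json")
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return archive, manifest_path


def restore_and_verify(archive: Path, manifest_path: Path, max_age_hours: float = 26) -> dict:
    """Restore the archive into a scratch directory and check every file against the manifest.
    max_age_hours (assumed 26 here: a nightly job plus slack) flags a backup too old to meet the RPO."""
    manifest = json.loads(manifest_path.read_text())
    report = {"restored": 0, "missing": [], "corrupt": [], "unexpected": []}
    report["age_hours"] = (time.time() - archive.stat().st_mtime) / 3600
    report["stale"] = report["age_hours"] > max_age_hours
    with tempfile.TemporaryDirectory() as scratch_name:
        scratch = Path(scratch_name).resolve()
        with tarfile.open(str(archive)) as tar:
            # Never trust member names: a crafted '../' entry would write outside the scratch dir.
            for member in tar.getmembers():
                dest = (scratch / member.name).resolve()
                if dest != scratch and scratch not in dest.parents:
                    raise ValueError(f"unsafe path in archive: {member.name}")
            # Where available, the stdlib 'data' filter also rejects traversal, devices and bad modes.
            extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(str(scratch), **extra)
        restored = manifest_for(scratch)  # hash while the scratch dir still exists
    for name, expected in manifest.items():
        if name not in restored:
            report["missing"].append(name)
        elif restored[name] != expected:
            report["corrupt"].append(name)
        else:
            report["restored"] += 1
    report["unexpected"] = sorted(set(restored) - set(manifest))
    report["ok"] = not (report["missing"] or report["corrupt"] or report["stale"])
    return report


def run_drill():
    """Build a good and a damaged sample backup and verify both; returns the two reports."""
    with tempfile.TemporaryDirectory() as work:
        good = restore_and_verify(*build_sample_backup(Path(work)))
        bad = restore_and_verify(*build_sample_backup(Path(work), damage=True))
    return good, bad


if __name__ == "__main__":
    for label, rep in zip(("good backup", "damaged backup"), run_drill()):
        print(f"{label}: ok={rep['ok']} restored={rep['restored']} "
              f"missing={rep['missing']} corrupt={rep['corrupt']} stale={rep['stale']}")
```

Point the script at a real archive and manifest and schedule it after every backup job; a drill that only checks whether the backup file exists will pass right up until the day you need it.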

Absolute must dos

According to the security firm Sophos, 37% of the businesses and organizations it surveyed were hit by ransomware in 2021, and recovering from an attack cost them $1.85 million on average.

Since 2018, the bad guys are going for the triple threat – they use ransomware, they encrypt your data and now…


