Jan. 2, 2019
Dive Brief:
- To combat security threats in the health sector, HHS
issued a voluminous report that
details ways small, local clinics and large hospital systems alike can
reduce their cybersecurity risks. The guidelines are voluntary, so
providers will not be required to adopt the practices identified in the
report.
- The four-volume report is the culmination of work by
a task force, convened in May 2017, that worked to identify the five most
common threats in the industry and 10 ways to prepare against those
threats.
- The five most common threats are email phishing attacks, ransomware
attacks, loss or theft of equipment or data, accidental or
intentional data loss by an insider and attacks against connected medical
devices.
Dive Insight:
Exploited weaknesses in a health
system's cybersecurity defenses can come with a steep price tag. The average cost
of a data breach for a healthcare organization is $2.2 million, according to
the latest report from HHS. In 2016, the U.S. healthcare system lost $6.2
billion due to data breaches, the department said.
The task force's recommendations stem from
a mandate in the Cybersecurity Act of 2015 that called for the industry-led
report to mitigate risks.
As cyberattacks increase, HHS said it's
imperative to improve the security and safety of patients.
"Technologies are vital to the
healthcare industry and help provide life-saving treatments and improve patient
care. However, these same technologies are vulnerable to myriad attacks from
adversaries, ranging from criminals and hacktivists to nation-states," HHS
said in a statement.
The mindset of employees should be similar
to the expectations around hand washing and hygiene, the report
states. "Health care organizations must practice good 'cyber hygiene'
in today's digital world, including it as a part of daily universal
precautions," it reads.
For each potential threat, the report
details recommendations on what organizations can do to lessen their risk. When
it comes to data theft or loss, the report encourages providers to maintain a
complete and accurate inventory of their current assets. This helps to
mitigate threats in the event of a lost or stolen smartphone, laptop or thumb
drive.
Among myriad other suggestions, the report
also recommends training staff to spot suspicious emails in an effort to thwart
phishing attacks.
A recent Kaspersky Lab report found that a
third of healthcare employees said their organizations were targeted by
cybercriminals more than once. And a report from JAMA
found that more than half of all data breaches are triggered internally.
https://www.healthcaredive.com/news/hhs-issues-voluntary-guidelines-amid-rise-of-cyberattacks/545096/