call us today (720) 432 - 1419
Reality Check
The following information serves to provide some high-level insight into current and emerging cyber threats health care organizations are facing.
Evolving Criminal Tactics
Ransomware attacks continue to be conducted but there has been a notable shift in tactics, with many ransomware gangs opting for data theft and extortion without encrypting files. (1)
Common Threat Types
Top cyber threats in the healthcare sector (2) included
-
ransomware (33%)
-
unauthorized access (28%)
-
business email compromise (28%)
Call To Action
American Hospital Association provides real perspective and call to action by any health care practitioner:
Cyber Safety is part of Patient Safety (3)
For Sale:
$250 - $1,000 per record
Value of Protected
Health Information (PHI) on the Dark Web. PHI continues to be one of the most
lucrative items on the underground market, ranging
from $250 to $1,000 per record, compared to $20 per drivers license record. (3)
Grim Facts
As of the beginning of 2023 (5):
-
By June, at least 15 health systems had publicly acknowledged ransomware attacks since the start of the year
-
As of August 1, the U.S. Department of Health and Human Services had 369 healthcare breach reports filed
$175,000
Cost of average data breach for small healthcare organization
(1-10 practitioners) (4)
A Translation: Threats, Vulnerabilities, Impact, and Practices
The discussion above on threats and vulnerabilities applies similarly to cybersecurity. Threats to your organization may include phishing attacks, malware (e.g., ransomware), insider threats, lost equipment, attackers, and many others. These threats exist at some level for all healthcare organizations.
As with the flu scenario below with the college athlete or the elderly person, the impact of these threats to your organization depends on the ability of the threat to exploit existing vulnerabilities.
Medical and Cyber Perspective
1
Vulnerabilities
Medical View
-
Weak immune system
-
no flu shot
-
lack of hand washing
​
Cyber Security View
-
No endpoint protection & ongoing monitoring
-
Out-dated software
-
No risk awareness
-
Weak cloud-service environments
​
2
Impact
Medical View
-
Patient is stricken with a case of the flu
​
​
Cyber Security View
-
Ransomware attack succeeds
-
Protected Health Information (PHI) is accessed by unauthorized 3rd parties
-
Public disclosure of PHI diminishes patient trust
3
Practices
Medical View
-
Receive a flu shot
-
wash hands frequently
-
use hand sanitizer frequently
​
Cyber Security View
-
Implement Next-Generation AntiVirus (NGAV) (LITE offering)
-
Ongoing monitoring and inventory of software applications (CORE offering)
-
Implement best practices and training (PRO offering)
A HIPAA Compliance Champion Your Side
The RESOLUTE:infrastructure component of our fully-managed cyber risk mitigation service addresses the prevention, detection, remediation, and reporting requirements covered by HIPAA Security Rule and HITECH when configured in close coordination with an organization.
Addressing cyber risk in the health care sector requires a holistic approach. We can assist your organization elevate its cyber risk mitigation efforts and be better prepared against tomorrow's cyber threat in the health care sector.
Furthermore, it aligns with HIPAA’s Administrative Safeguards Requirements §164.308(a)(1), §164.308(a)(5)(ii)(B), and 164.308(a)(6)(ii) for security violations and incidents, and malware protection.
