Fortified Health Security, a leader in information security, compliance and managed services focused solely on the healthcare industry, has released its 2018 Horizon Report. This extensive report details the current state of cybersecurity in healthcare, new and existing threats and predictions for 2018.
“Just as the Enron scandal of the early 2000s triggered a change in accounting standards, experts predict that the Equifax breach of 2017 will have a similarly significant impact on the healthcare industry,” said Dan L. Dodson, president of Fortified Health Security. “One report suggests that over 40 percent of consumers would abandon or hesitate to use a healthcare organization if it had been hacked.*”
Healthcare organizations must strike a balance between enabling patient engagement initiatives and securing patient data. Unfortunately, there is no simple fix for this complex challenge. Organizations must develop and execute the fundamentals of security first, before exploring advanced solutions. This requires a defense-in-depth approach to cybersecurity that is grounded in a detailed HIPAA Security Risk Analysis and a companion corrective action plan.
2017 Year in Review
The Horizon Report provides a review of the state of cybersecurity in 2017 with a focus on the increase in the frequency of breaches in the healthcare industry. According to data provided by the Office for Civil Rights (OCR), hacking continues to be the biggest cause of breaches for the sixth year in a row. This year, 40 percent of all breaches were caused by hacking, which is a 10 percent increase over full-year 2016.
“These numbers validate the fear of many organizations that hackers have momentum and breaches are happening more often than ever before,” said Dodson. “This breach data underscores the importance of a solid security program focused on the fundamentals of patching and employee education. Having a well-executed security program can significantly decrease the chance of a large-scale breach.”
2017 Security Risk Analysis Trends
In 2017, Fortified conducted a security risk analysis, OCR mock audits, HITRUST certifications and strategic security planning for the majority of its clients. Although these clients varied in size, revenue, network complexities and geography, three common trends were identified: 1) Policies and procedures are weak, or don’t align with the actual implementation of safeguards; 2) Organizations lack concise asset inventories; 3) There is a lack of well-structured vulnerability management programs.
“It’s evident from this analysis that although healthcare organizations are busy with EHR transitions and upgrades, movements to the cloud and other IT and security projects, it is imperative that a priority be set on getting back to the fundamentals of risk management and good cybersecurity hygiene,” said Dodson. “We must commit ourselves if we want and expect to improve.”
Looking Ahead: Cybersecurity Outlook for 2018
The Horizon Report reviews Fortified’s predictions for 2017 and how they fared against reality, while providing a summary of lessons learned during the past year. The report also takes a look at what healthcare organizations can expect to experience regarding cybersecurity in 2018. Some of these predictions include:
- Double-digit increase in breaches
- More variants of WannaCry ransomware
- Breaches due to business associate neglect on the rise
- Increased threat to IoT devices
“2017 showed us that we can no longer treat security as an IT problem; instead, we must recognize it as a business issue and deal with it accordingly,” said Dodson. “Patch management programs are imperative and should be implemented alongside corrective action plans. And, moving forward, healthcare organizations must show progress against compliance standards.”