The report details current cybersecurity challenges facing healthcare organizations
and provides a proven process for identifying and protecting patient information
Today, Fortified Health Security, a leader in cybersecurity, compliance, and managed services, dedicated to helping healthcare organizations overcome operational and regulatory challenges, released a mid-year update to its annual healthcare cybersecurity Horizon Report.
The report highlights the growing number of cybersecurity attacks hitting the healthcare industry in the form of phishing campaigns, ransomware attacks, and breaches initiated through email. In fact, email attacks accounted for almost 28% of all reported breaches thus far in 2018, an increase from 2017.
Other mid-year cybersecurity data highlighted in the report includes:
- Provider organizations have been compromised more this year than health plans and appear to be more heavily targeted. Through the first five months of 2018, there have been 149 breaches reported with over 2.8 million patients impacted versus 134 breaches reported and 2.0 million patients impacted during the same period in 2017.
- The number of reported breaches by Health Plans and Business Associates has significantly increased through the first five months of 2018. There were 24 breaches reported by Health Plans versus 15 during the same period in 2017, representing a 60% increase in the number of Health Plan entities impacted.
- There were 12 breaches reported by Business Associates versus seven during the same period in 2017, representing over a 70% increase in the number of Business Associates impacted. The total number of patients impacted by those breaches increased over 40%.
“While we have made progress in some areas and continue to invest in cybersecurity as an industry, most healthcare organizations are not allocating enough capital to keep up with the momentum of our adversaries,” said Dan L. Dodson, president of Fortified Health Security. “It’s important to remember that training and awareness should be the cornerstones of any solid cybersecurity program as having the right people in place continues to be our biggest challenge.”
The human capital battle that many organizations are experiencing is also discussed in the Report and Fortified provides advice for deploying a comprehensive cybersecurity risk program that considers people, process and technology.
Fortified also explains how protecting connected medical devices continues to be a concern for healthcare providers and device manufacturers and shares its thoughts on the viability of the FDA’s recently released Medical Device Safety Action Plan.
“While the FDA’s plan is well-intended and addresses certain aspects of the risks associated with connected medical devices, there are several gaps that still need to be addressed,” said Dodson. “Also, until the FDA, HHS and by default the OCR, get on the same page and force manufacturers to take security seriously, and hold them accountable, the industry will continue to struggle, and the risk of catastrophic failure will increase.”