Vlog: 3 Cybersecurity Truths Healthcare Orgs Need to Know

With high-profile cyberattacks consistently making headlines, many organizations are wondering if they will be sufficiently protected when an attack hits. According to BDO’s Global Cybersecurity Group, the cost of cybercrime could reach $2.1 trillion globally by 2019. 

Healthcare organizations need to be particularly vigilant when it comes to cybersecurity, as they are often more susceptible to attacks. The WannaCry cyberattack in May 2017 impacted 47 of the U.K.’s 248 National Health System (NHS) trusts. This attack was likely only the first of many of its kind, and the next one could be coming for U.S. hospitals. Here are three truths healthcare organizations should know about cyber risk.
  1. Health information is up to 17 times more valuable than credit card data on the black market. Cybercriminals see healthcare organizations as valuable targets, as hospitals host bulk data of personal health info, payment information, personal identification information, and medical research. And healthcare data has enduring value—it can’t be cancelled the way a credit card can.
  2. Solutions can be difficult to implement at hospitals. Implementing a culture of security at healthcare organizations can be difficult, as many prioritize patient data accessibility over security. The move toward longer episodes of care and value-based reimbursement is also driving more data sharing among providers. While integration may improve patient care, it leads to more entry points and attack vectors. An attack on one organization could impact other organizations in their supply-chain. 
  3. An attack on a hospital can cause the most damage. If (and when) a cyberattack hits a hospital, it can be more damaging than an attack on any other organization, as accessing critical patient data becomes a literal life or death situation. Hospitals may be willing to give in to ransom demands to access critical medical information.
With these challenges in mind, protecting hospital data is possible. Traditional solutions like anti-virus software may no longer be sufficient to protect against sophisticated attacks. User awareness, network analytics and threat detection are three vital elements to securing your organization.

Watch this video to learn more about what your organization needs to know to be prepared in case of a cyberattack: 

Don’t miss the latest BDO News and insights – subscribe here