Trend Watch: How Healthcare Is Addressing Evolving Cybersecurity Concerns

The growing threat and frequency of data breaches are serious concerns shared by healthcare organizations across the industry. Pernicious cyberattacks and breaches have become the new normal, from the now infamous 2017 WannaCry ransomware attack to the 2019 American Medical Collection Agency data breach that exposed the personal health information (PHI) of nearly 12 million patients.

Halfway through 2019, the Protenus Breach Barometer calculated that hackers had already breached 32 million patient records, noting that 88% of those security incidents were caused by hacking. This staggering number was already double the 15 million patient records breached in 2018, with six months still remaining in the year. What’s more, a 2019 survey found that 83% of surveyed healthcare organizations saw an increase in cyberattacks over the past year, with 66% admitting those attacks have become more sophisticated.

Healthcare is one of the most targeted industries for cyberattacks—alongside manufacturing and technology, according to the Global Threat Intelligence Center—because of the high value placed on PHI and the relative ease of hacking aging legacy equipment that wasn’t designed to withstand sophisticated strikes. For example, patient health data and sensitive billing information are worth between 10 and 40 times the value of a credit card number on the black market.

It’s not difficult to imagine the vast harm that can befall a targeted revenue cycle manager or healthcare organization—the ding in reputation, risk of noncompliance, financial fallout and potential threat to patient safety.

Still, there are concrete steps that healthcare organizations and hospitals should take to protect patients, employees and their bottom line. As interconnectivity increases through the number of linked medical devices and as patients and providers continue to share health information back-and-forth, the threat of network exposure grows. That’s why the need to create strategic, vigilant cybersecurity measures to protect organizations is crucial.

Here are some of the ways healthcare leaders and organizations across the industry are guarding against network breaches and the threats posed by bad actors.

  1. Moving beyond software. Though shoring up internal hardware and updating aging equipment has been a focus in years past, organizations must also look inward. According to a 2017 State of Privacy and Security Awareness Report, 78% of healthcare employees demonstrated a lack of preparedness with common privacy measures and security threat scenarios. Ongoing employee security training and education is critical in mitigating the risk posed by phishing attacks and in handling the additional complexity of securing the devices of work-from-home healthcare employees, like medical debt collectors.
     
  2. Focusing on enterprise-wide solutions. It’s easy for hospital departments to become siloed from one another, with each adhering to separate protocols. But in an environment of increased risk, it’s imperative that healthcare providers establish a rigorous set of policies and accountability programs that span the entire organization. This uniformity is essential, especially in developing and enforcing a set of functional standards or policy expectations.
     
  3. Seeking outside help. Healthcare providers aren’t expected to be cybersecurity experts. This is especially true for small-to-medium-sized organizations that may not have an IT department equipped to handle the nuance involved in setting up complex security processes, controls and checkpoints. That’s why, according to a recent Black Book survey of C-suite leaders on healthcare cybersecurity, global healthcare cybersecurity spending is expected to exceed $65 billion over the next five years.
     
  4. Looking beyond compliance. The threat of noncompliance is a crucial concern for revenue cycle managers and leaders from organizations of all sizes. However, although maintaining compliance at the national and state levels is as complex as it is urgent, more providers are challenging themselves to meet security goals that surpass regulatory rules. By performing consistent internal audits, instituting “minimum access necessary” rules, and adding an extra layer of accountability, healthcare organizations can champion cybersecurity protection and thwart potential risks.

Eager to know more about the steps Parallon takes to keep your patients’ PHI protected? Contact one of our experts to learn more.