Author: KEVIN GOLAS
October is National Cyber Security Awareness Month, a global campaign run annually to raise awareness about the importance of cybersecurity. We’ve asked some of our leading security experts here at Absolute to chime in on some of the most pressing issues in cybersecurity today. In Part 3 of this series, we bring you insight from Kevin Golas, Senior Director, Investigations and Risk Management, who brings extensive experience in the complexities of compliance, security architecture design and forensic analysis to enterprises and healthcare organizations. See Part 2 of this series: 5 Ways to Combat the Insider Threat.
The threat of cybercrime can be felt most strongly where its impact is most acute. Although threats to our critical infrastructure – electricity, financial institutions, transportation – are of paramount importance, it’s the increasing threats to healthcare that keep many of us security experts up at night. These threats have been steadily rising for many years, with headline-grabbing breaches from Anthem shaking many to their core… but it’s the repercussions of the loss of ePHI that have me worried.
We talk about the impact of data breaches on organizations, with healthcare data breach costs still 2.5 times the global all-industry average at $380 per breached record, a sum which costs the healthcare industry as a whole many billions of dollars each year. But what about the impact on the patient? That’s where my concerns lie. What happens when patient data is used in medical identity theft for years, only discovered when the collections agency comes calling? Or worse, when a patient receives incorrect medical care because the medical record is compromised by false updates? What happens to the patient who enters the hospital for care only to find all hospital systems shut down by ransomware? What happens to the patient if his pacemaker or MRI machine is hacked?
Healthcare technology has made leaps and bounds in terms of its ability to improve patient outcomes, and yet many technologies are being deployed before security concerns can catch up. We trust that we’ll receive the best care possible from our doctors, but we’ve only just begun to feel the impact of cybersecurity threats on patient care. So, what can healthcare organizations do to improve the situation?
Recognizing the greater potential fallout of healthcare breaches and the impact these breaches have on consumers, the incoming EU General Data Protection Regulation (GDPR) is set to enforce a new and higher set of data protection standards on healthcare organizations.