09 Aug 2017
If you’ve kept up with your cybersecurity news, then you know that the medical industry has a long road ahead of itself if the number of breaches is going to go down in 2017. For example, did you know that on average there was one health records breach every day in 2016? Or that the month of January actually had 31 breaches, according to the Protenus Breach Barometer? The good news is that January 2017 actually had fewer breaches than December 2016, which had 36 breaches. The bad news is that 388,307 health records were still breached in January. So are hackers just way ahead of healthcare providers? The answer might surprise you.
While hackers are the ones who launch attacks and access health records, nearly 60% of the compromised health records from January were breached because of people within the affected organization. We can’t say which breaches were malicious and which were accidental, but how many people could possibly infiltrate a healthcare provider through employment and leak information? According to the Protenus Breach Barometer, it’s nearly an even split between malicious breaches and accidental ones. That means you don’t only have to prepare for wrongdoing; you have to combat ignorance as well.
One solution to employee wrongdoing is adding infrastructure to your network that requires permissions to access sensitive information. Building walls and checks that require administrative privileges to pass will protect sensitive information from would-be hackers while also adding protection from outside hackers. But if someone inside your organization is determined to access something, given enough time they will find a way. With that in mind, the best way to prevent breaches is to inform and prepare every employee as well as possible so that they know what information they should protect and how to do it. If employees know what information someone would want to access and how to protect their passwords and data, then they can be your eyes and ears within the company.
By no means are we suggesting that you purge your employees or spy on your co-workers, but creating an informed culture will serve a similar role while also preventing honest mistakes. You can’t just look out for the obvious phishing emails or rely on a spam filter. Just like computers, people have vulnerabilities, and with a little research a hacker could find information that sets their email apart from the regular spam. Just think about how much information you can find on a stranger from a public conversation on Facebook. Add that to all the current and past information on their profile and you can easily see how hackers find enough information to craft a seemingly legitimate email. Then, all it takes is a few clicks and they’re in the network. We’ve even written about hackers who hide malware in attachments like resumes and enter networks through H.R. departments. When it comes to all the costs associated with medical record breaches and the high number of malicious and accidental leaks, it makes sense to look for cybersecurity awareness in any candidate for any job.
It’s not fun to think of your employees or coworkers as potential breaches, but in a day when there is an even split between malicious insider breaches and accidental ones, you have to prepare for anything. Otherwise, you might as well start charging patients for the legal fees that come after a breach. That’s how widespread hacking has become. There are no guarantees, but subscribing to an IT blog or site is one of the best ways to ensure your company will be protected from hacks from within and from outside.