BLOGHIMSS18 Highlights Growing Cybersecurity Threat
HIMSS18 Highlights Growing Cybersecurity Threat
I recently returned from HIMSS18 , the largest healthcare technology conference of the year. It was a reminder of how far healthcare technology has come, and how far we still have to go. I focused my time at HIMSS on things that matter the most to ITelagen customers. A major trending topic this year was the growing cybersecurity threat to medical practices of all sizes. Many discussions emphasized new approaches and tools to protect patient data.
Cybersecurity used to be something that only mattered to IT teams. That’s not the case anymore. The threat of a breach has increased so much that cyberattacks are the #1 business risk for global organizations.
The danger is especially acute in healthcare practices that manage highly sensitive and valuable electronic protected health information (ePHI). The majority of respondents (75.7%) to the 2018 HIMSS Cybersecurity Study said that their organization experienced a significant security incident in the past 12 months. This number is so high due to both external and internal factors:
- Cyberattackers are more skilled and sophisticated. The intelligence behind the attacks keeps evolving, and today’s breaches are often guised as legitimate activities. Traditional solutions like anti-virus and anti-malware aren’t as effective as they were in the past.
- Practices lack strong cybersecurity education and awareness. Most staff members aren’t trained to identify and avoid potential security issues. They are more apt to inadvertently put the practice at risk by doing something like clicking on a link in a phishing email.
Together, these two things are a recipe for disaster. As threat actors are stepping up their game, we must evolve and adapt. This is why ITelagen has expanded our cybersecurity solution to better address both sides of the risk equation.
Endpoint Detection and Response
External risks are more complex than ever, so we’re responding with more advanced tools to combat the threat. In the past, you could install anti-virus and anti-malware software on your machine and consider it protected. Today, attackers are hiding Trojans inside of what appear to be legitimate applications, so they don’t raise any red flags with traditional cybersecurity software.
A recent study reported that companies lost an average of $5,010,600 in 2017 to endpoint attacks, averaging $301 per employee. And healthcare endpoint attacksspecifically cost the industry $1.3 billion.
In response, ITelagen has made a significant investment in sophisticated endpoint detection and response (EDR) tools. This new generation of EDR solutions goes deeper into the legitimate applications, proactively looking for signatures of bad activity. If the search uncovers anything suspicious, it immediately alerts our team so that we can intervene before a serious incident occurs.
Cybersecurity Awareness Training
It’s a well-established fact that people are the number one cybersecurity risk. According to a 2016 report, up to 60% of all cyberattacks result, often unwittingly, from the actions of people inside or closely connected to the breached organization.
But there’s more to it than just having everyone complete an hourlong class on how to avoid falling prey to cyberattackers. Once staff members have received some level of education, the training program must continually be updated to address new and more sophisticated threats. And each new person that joins the practice must go through the training – a new hire is the weakest security link in the chain.
ITelagen helps practices deliver foundational plus ongoing staff cybersecurity education. We provide initial training that everyone must complete, with regular updates that cover the latest threats. We also test staff with mock phishing emails and offer additional education to people who fail to recognize the threat and click on a potentially dangerous link.
HIMSS18 showed us that the cybersecurity threat is more serious than ever for healthcare practices. Here at ITelagen, we spend a significant amount of time and money to ensure the highest levels of data security and availability in our fully HIPAA compliant, US-based data centers. But one mistaken click on a bad link by an unknowing customer can become a massive single point of failure.
Our new cybersecurity solution takes a holistic approach by addressing all facets of cybersecurity risk: the increasing sophistication of attacks, plus the need for better staff awareness and education. Contact us today to learn how we can help your data – and your practice – remain protected and secure.