Cyber Security for the Healthcare Industry
Today, every individual and business needs to plan, prepare and be vigilant about cyber security. However, few sectors need ironclad cyber security as much as the healthcare industry. With patients dealing with life-threatening conditions and exchanges that include large amounts of both money and financial information, the privacy of medical records must be protected.
Healthcare is one of the biggest targets for cyber criminals. The reason for this is simple: medical hacking is big money. Every day, personal information is sold on the dark web for as little as $5 for a credit card number and $30 for an entire identity, yet up to $1,000 for medical records.1
Healthcare system vulnerabilities are a goldmine for hackers who can sell social insurance numbers, health card numbers, and credit card information on the internet to other criminals anywhere in the world.
The value of medical records
Healthcare data is packed with information about doctors and patients that allows cyber criminals to commit everything from identity theft to fraud, as well as cross-reference personal information to carry out other kinds of cyber crime. For Health Information Management professionals, protecting the privacy, confidentiality and security of patients and their health information is a professional standard, a legal requirement, and an ethical responsibility.2
Consequences of a Cyber Attack in a healthcare organization
Cyber attacks, which can include the unauthorized access, use, manipulation or even destruction of electronic information, result from an inherent weakness in a database system, or even the absence of a safeguard, that a cyber threat could exploit. The consequences go well beyond response and recovery. If information is not available, it could lead to delays in diagnosis or treatment and potential legal ramifications and costs, along with other consequences, including:
- Ethical: breach in the confidentiality of personal information;
- Financial: costs related to an investigation and interruption of services;
- Legal: ramifications issued by the government and regulatory agencies in the form of fines or class action lawsuits on behalf of victims of a breach.
As dependency on technology for collection, storage and processing of personal health information and data increases, the risk of highly sophisticated, computer-based security breaches increases as well. Most hospitals, clinics and laboratories spend the bulk of their budgets upgrading their medical technology and securing the very best doctors, researchers, nurses, and support staff. They often overlook the need for cyber security and an IT team, or at least a head of cyber security, until it is too late.
What can be done?
Healthcare facilities and hospitals need to address cyber security immediately with:
- Improved technology
In order to better protect patient and physician data, advanced software, hardened data and sophisticated video monitoring systems should be employed.
- Secured networks
Shared networks can often result in vulnerabilities. Segmenting networks and limiting access to data, encrypting data with heightened security, and implementing secure bring-your-own-device (BYOD) policies can all mitigate the risk of cyber attacks.
- Educating staff and patients
Healthcare organizations need to continually inform both staff and patients about best practices for cyber security and the need for vigilance regarding compromises. Even basics, such as keeping staff up to date on the latest phishing scams and malware, regularly requiring secure password changes and installing antivirus software on all systems, can help healthcare providers ensure a secure and confidential environment for all concerned.
TELUS Secure Business, the nation’s leader in security systems, wants your organization to stay safe in every way. For information about alarm and video monitoring systems for your organization, call 855.958.8181 today.
 Canadian Health Information Management Association Code of Ethics