Meditology’s New White Paper Affirms Perfect Cyber Storm Striking Healthcare Organizations at Critical Juncture

Emerging trends signal providers face significant cyber vulnerability and must ramp up compliance enforcement

In the wake of May’s worldwide WannaCry ransomware attack, emerging trends have created the perfect cyber storm striking unprepared healthcare organizations. Data proliferation, the fact that only one of every four business associates (BAs) possesses a security certification, an escalating cyber security skill shortage and risky medical devices are among the latest trends revealed in Meditology Services LLC’s second annual white paper titled “State of Healthcare Security and Privacy.”

The white paper outlines the emerging developments – several already a familiar pattern – healthcare entities should consider in building and deploying cyber protection programs. The research is based on Meditology’s combined forecasts and examinations of healthcare companies and provider clients confronting cyber security challenges. Meditology is a professional services company specializing in information security for healthcare organizations.

The white paper can be downloaded here.

The sheer volume of protected health information (PHI) processed, stored or transmitted across multiple platforms makes hospitals, health systems, physician practices, payers and other providers an even greater target for cyber attackers. The U.S. Department of Health and Human Services (HHS) reported 106 hacking incidents in 2016, nearly double the year before and over 20 times more attacks than were discovered in 2010.

“Healthcare organizations have finite resources and budget constraints,” said Brian Selfridge, IT Risk Management Partner at Meditology Services. “Since attackers are intent on obtaining patient information and other sensitive data for financial gain, providers must remain vigilant. Security and privacy threats will continually shape healthcare delivery and operations over the next several years.”

Third party breaches are rising

Referencing a recent report from CORL Technologies, Meditology’s sister company focused on healthcare vendor security risk management, Selfridge noted that third party providers have yet to be effective in adequately protecting PHI to comply with regulatory and risk management standards. Equally alarming is that only 26 percent of outsourced service BAs retain a security certification (HITRUST, SOC 2 Type 2, ISO 27001, and FedRAMP). “That’s one in four business associates, which is great cause for worry,” he said.

Shortage of cyber security skills persists

Cyber security professionals remain in high demand. The healthcare industry suffers from a deficit of experienced personnel trained in the clinical and regulatory environment from a security perspective. Healthcare leaders are also grappling with the challenge of recruiting and retaining skilled security talent while competing with other high paying industries for sought-after cyber security skills.

Ransomware and medical devices are lethal combination

Ransomware continues to pose a significant and growing threat. The healthcare industry is disproportionately affected by ransomware, and not just by lost productivity and the financial costs of response and recovery activities. Hospital and health system leaders worry about the potential disruption of patient care. Additionally, medical devices are opening the door to a trove of PHI and regulated data. Security incidents involving networked devices, ransomware included, have the potential to impact patient safety and do meaningful harm to patients.

Selfridge emphasized the importance of being prepared for the more vicious cyber attacks predicted to come. “Healthcare organizations should certainly widen focus from breach prevention to include effective breach response capabilities,” he said.

About Meditology Services
Meditology Services is a healthcare advisory services firm with offices in Atlanta, Philadelphia, Nashville, Denver and San Diego. Meditology provides consulting and management services including assessing and developing security and compliance programs to some of the largest U.S. healthcare organizations. Our reputation for client service excellence is garnered from the quality of our work products combined with the professionalism, approach and innovative solutions brought to client engagements. Meditology’s industry thought leaders have decades of extensive experience in IT risk management and healthcare IT consulting. Visit http://www.meditologyservices.com and follow us on Twitter and LinkedIn.

Contact Author

Kaye Gibson
@CorlTech
CORL Technologies LLC
