When Your Head’s in the Clouds

Jun 2, 2016 | Healthcare, Security

cyber security information breach

By Chris Geraci, Marketing Coordinator Litmos Healthcare

Some of you may remember the written letter, handwritten chart notes, having just five television channels (on a good day), and the TV remote was your youngest sibling. Now we text, tweet, travel, and transfer money with one click… and without a thought. You’d look over your shoulder if you walked down a dark alley alone at night, but do we proceed with the same caution with the data on our devices?

As technology becomes more sophisticated, it’s that an industry of healers, keeps up the pace. However, we all know were not. What’s even worse is criminals know we’re not and they’ve placed a target on our data. Hackers are hacking us and there’s a vigilante ring of hackers hacking hackers!

In 2015 it was discovered that an insulin pump was vulnerable to hacking and could be modified to deliver a lethal dose of insulin. The normal individual would think, “Why would anyone want to do that?” I suppose the why is not important, but understanding the how is. It doesn’t start or stop with an insulin pump either.

Any device that you can access wirelessly is vulnerable to the mechanisms of a hacker. Maybe there is a very small group out there that wants to deliver a lethal dose of medication, but I suspect there is an expansive group that would use a medical device as a gateway to better things. We know that PHI is valuable to the black market and a breached insulin pump may be the means of getting to that information. A breach of a medical device gives hackers access to the network of a hospital or medical provider. That’s a win for the bad guys or “bad actors,” which is apparently what they are called now.

In 2015, it was estimated that 85% of healthcare organizations experienced a breach; that is almost ALL of you! Of those breaches, 18% cost more than $1 million to remediate. You may think that cyber-security is an IT issue, but at that rate of loss, it’s clearly a business issue.

Many of you are clamoring to get cyber-security insurance. You most likely wouldn’t drive your car without insurance, what if you crashed? So you tailgate with confidence because if you get in an accident, you’re covered. Cyber-security insurance is vastly different.

For example, if your iPad is stolen or compromised and it wasn’t encrypted, PHI was stolen and social security numbers were circulated, you will not be protected by cyber-security insurance. As a matter of fact, the standard cyber-security insurance policy has more exclusions than inclusions.

Cyber-security needs to be a multi-pronged approach. Unfortunately, human error is still the largest cause of most breaches and something you can easily change. Analyze your protocols, assess vulnerabilities, understand all the laws, have an incident response plan in place, engage all stakeholders, and educate your staff.

We take ease of use and the ability of our devices for granted. It certainly makes life a lot easier and more efficient, but has it made us careless and stupid?