Healthcare at Risk
2019 saw an unprecedented cyber assault on its healthcare providers amounting to billions of dollars in costs, and the wave is continuing in 2020!
These impacts include:
764 healthcare providers attacked
285 patient record breach incidents
Nearly 32 million patient records affected
Redirecting of emergency patients to other hospitals
Inaccessible, destroyed or permanently encrypted medical records
Canceled surgeries, postponed critical tests, admissions halted
911 services interrupted
Badge scanners and building access systems stopped working
Offline surveillance systems
It’s only the quick-thinking, care and diligence of first responders, hospital staff, doctors and nurses that kept these incidences from causing loss of life to their patients.
Though 45 C.F.R. 164.308 offers summary guidelines for incidence response (which can include ransomware, patient data theft and other intrusions), and that institutions offer training on mitigating and responding to incidences, it is not clear as to specifics of what approach to take (aside from documenting procedures and incidences) or what security tools to use to monitor and mitigate against such threats.
Non-compliance to HIPAA can also result in significant fines and penalties to healthcare institutions. In the past, fines of $3,000,000 or more have not been uncommon for violations of HIPAA rules, although in 2019 fines were capped at $1,500,000 per year of violation.
The perfect storm is when a cyberattack hits resulting in ransom, loss of patient records, slowing or even stopping patient care, with the attack being due to HIPAA violations which subsequently result in heavy fines, plus the negative media attention that is sure to follow.
Unfortunately, in reading the bullet points above, the perfect storm does happen.
We Provide Security Tools to Match Policies & Procedures
Specific to HIPAA compliance and the needs of healthcare facilities and organizations, Future Networking provides a full platform of threat-mitigation tools that can eradicate ransomware and malware at their entry point before they infect a network. Additionally, we put safeguards in place to deny Protected Health Information (PHI) from being compromised.
Offering a holistic approach, we also provide Security Awareness Training based on the current threats in the real-world environment, and address issues using information obtained from our Security Assessment of employee behavior and flaws within the network. If the need is there, we can also take the assessment many steps further, and do network penetration testing (an Attack Audit). Here we can provide results from penetrating the system through external or internal nodes, as well as test physical security protocols to determine where they might be lax.