How to protect your care business from cyber attack

Cyber security in healthcare has been a growing concern over the past few years. And with the implementation of GDPR, fears about pitfalls could become more widespread1.

The adoption of new technologies; Electronic Health Records, online patient portals and Internet of Medical Things (IoMT), bring with them new security risks2. Because of these, your care services business may have undergone some dramatic changes in recent years.

In 2015, over 100 million healthcare records were compromised from more than 8,000 devices in more than 100 countries3. And this is only likely to increase with the growing interconnectivity of modern software and devices.

Unique healthcare cyber risks

These are some of the unique risks posed to your business:

  • Volume of personally identifiable information and health information stored on shared systems.
  • Creation and transmission of Electronic Health Records (EHRs) and Personal Health Records (PHRs).
  • Reliance on external service providers for payment processing and laboratory testing.
  • Liability for risks created by providers under regulatory statues.

Common healthcare cyber threats

Increase in technology

Information Systems Audit and Control Association research shows mobile devices (54%), cloud (50%), and social media (38%) as the most difficult technologies to secure4.

Internet of Medical Things (IoMT) is one of the most recent and accepted advancements in medical technology. However, these are also one of the biggest threats of cyber risk2. As more of your processes to remotely access information, IoMT devices are not built with security features.

Ransomware is an example of a new and evolving data security threat which acts by breaching shared IT systems and preventing access. The cost of a healthcare data breach has been calculated at £300 per individual record, with an average of 30 records stolen per breach, making this one of the most lucrative cyber scams5.

Limited investment in cyber security

65% of Chief Information Security Officers in care services believe they have “inadequate in-house expertise” to deal with a cyber security breach6.

Cyber security investments in healthcare must compete with other more urgent needs. New medical technologies and equipment, staff and basic supplies are often your priority, leaving your business unprotected.


Cyber security protection is particularly lacking in smaller and independent practices. If you’re a small organisation, you might receive limited funding, which doesn’t sufficiently cover your cyber security needs.

With modern technology, your business is more at risk than ever. The connectivity of the care services industry, makes your small business an easy way to breach larger organisations by accessing their data through your systems7.

How to prevent cyber attacks in healthcare

Did you know that 47% of business technology professionals do not consider their organisations leader to be digitally literate?8 By taking these few simple actions could help protect your business against cyber threats:

Cyber security education 

Every member of staff, from doctors to administrators, plays a role in keeping your organisation secure. But many are not aware of how their day-to-day activities might open the doors to a data breach. Cyber security education for your staff is essential in protecting against CEO and dishonesty fraud. Your staffs’ knowledge on what to watch out for and the processes in place if there is a cyber breach should be evaluated.

Create cyber security policies

A good cyber security policy is essential in managing security throughout your organisation. Over 60% of providers don’t have an effective Identity and Access Management (IAM) policy in place, leaving them wide open to an external breach1. We are able to help you write your policy with our expert risk management knowledge.

Cyber risk assessments

A cyber risk assessment enables you to see how your staff are using applications. It not only helps ensure that cyber security policies are being followed, but improves compliance and patient data protection2.

You should also assess the potential financial cost of a cyber attack, build a model to quantify costs of a data breach and create an assessment for loss arising from data loss.

Why your standard insurance policies won’t protect against a cyber attack

Though your existing policies may offer some level of coverage, they are unlikely to cover in the event of a cyber security breach.

Your basic insurance will usually cover:

  • General liability: covers injury and property damage, not economic loss.
  • Errors & omissions: covers economic damages resulting from a failure of defined services only - excluding data and privacy breaches.
  • Property insurance: covers tangible property only.
  • Crime: covers employees and tangible property. Offers no cover for third party property, including customer/client data.

Your basic insurance doesn’t usually protect you if you’re the victim of a breach. Having cyber security insurance will help you with disaster recovery, should a breach happen. 

Jelf offer various care insurance packages to care services professionals as well as cyber liability insurance for care to help protect your organisation against the risks posed by cyber security.


1. goanywhere.com/cybersecurity-concerns-in-healthcare 


Our latest whitepaper provides guidance on the risks and benefits posed by emerging technology and how they may impact your care business.