Healthcare cyber-security series.
Cyber security in healthcare is a growing concern for healthcare leaders and for good reason. Healthcare has been a key target for cyber-criminals, accounting for 67% of attacks in 2019 [1], and this has been getting worse throughout the pandemic. [2] The top cause of loss for healthcare businesses was accidental disclosure – often a result of human error. [3]
Cyber-criminals target healthcare businesses as they adopt new technologies - exploiting the growing interconnectivity of modern software and devices. More recently, the industry has been providing huge financial rewards for criminals. Healthcare workers distracted by the pandemic and employees working remotely have been easy targets, much less likely to detect a suspicious email.
The healthcare industry presents a unique opportunity for criminals, due to the sensitive nature of the data held and how this data is shared.
The combination of sensitive data and lack of cyber security awareness makes the healthcare industry very lucrative for cyber-criminals.
Healthcare has seen some dramatic changes over the last few years, moving from manual to digital records, and developing population health tools and enhanced security. This rate of change is part of the reason why cyber security issues in healthcare are a concern for many leaders.
With the increase in remote working, and the improved ability to remotely access information, care should be taken to ensure all employee devices are equipped with the necessary security features.
As healthcare workers increase their use of email and digital communication methods, they become more at risk of phishing attacks and the threat of ransomware.
According to IBM’s Cost of a Data Breach Report, the average cost per compromised record has increased steadily over the last three years. In 2019, the cost was £110 (per record). To put this into context, 5.2 million records were stolen in Marriott’s most recent breach - which could amount to over £500 million. [4]
Often, limited budgets in healthcare mean cyber-security must compete with other urgent needs. However, it is more important than ever to invest in cyber-security. Protecting your business from cyber-crime and data breach doesn’t need to be expensive. Modest investment in training and process changes can provide outsized returns, reducing the likelihood of falling victim.
A cyber incident can lead to:
To protect your business, carry out robust risk assessments, offer training, and ensure you’re covered by a cyber liability policy, protecting you against human error, cyber-crime, and data breaches.
A cyber risk assessment enables you to see how your staff are using applications. It not only helps ensure that cyber security policies are being followed, but improves compliance and patient data protection.
You should also assess the potential financial cost of a cyber-attack, build a model to quantify costs of a data breach, and create an assessment for loss arising from data breach.
Your employees are your first line of defence against cyber-crime and data breach. Provide periodic anti-fraud training that teaches all employees to detect and avoid phishing and social engineering scams.
Your existing commercial insurance may offer some level of coverage, but a cyber liability policy is essential to properly managing the risk within your business.
Your basic insurance will usually cover:
Marsh Commercial can arrange cyber liability insurance that will help you with recovery from cyber-attack, by:
Sources
3 https://www.beazley.com/news/2019/beazley_breach_briefing_2019.html