If you’ve been following our blog, you know that under HIPAA, most healthcare facilities are legally required to provide some kind of protection for your sensitive medical data. Unfortunately, in many cases this protection is falling short.
If your healthcare data falls into the wrong hands, it can cause you financial harm and even permanently impact your health. Why, then, do we keep hearing about hacking or ransomware incidents on the news? Your medical data can be worth up to 50 times more than your financial information. Thieves want this data very badly—between November 2020 and January of 2021, in fact, medical facilities registered a 45% increase in cyberattacks.
Part of the problem appears to be the lack of genuine IT professionals in an industry that sorely needs infrastructure support. The other part, however, is that most medical professionals are just that: medical professionals. They’re ready to provide their patients with expert care, but that knowledge may have come at the expense of good safety protocols.
“I’m not in IT, so why should I do it?”
The KnowBe4 2021 State of Privacy and Security Awareness Report explored the cybersecurity and IT know-how of 1,000 U.S. employees. It highlights an unfortunate statistic: 45% of those surveyed indicated that because they were not in IT, they did not need to worry about cybersecurity safeguards.
We aren’t referring to high-end security practices. Only 16% of respondents fully understood how phishing can give thieves access to a facility’s data, and not even half seemed to realize that following a link or downloading a file on a company or private device could give hackers a backdoor entrance.
Training falls short
The quickest, most effective way to keep healthcare employees up to speed on cybersecurity and what to watch out for is to provide ongoing, in-depth training as threats continue to evolve. While some healthcare employers provide some form of intermittent training, 24% have not offered their employees any training at all.
This is particularly hazardous; threats are only going to become more sophisticated, and if employees can’t identify them, your medical data is at an ever-higher risk.
IT departments are overwhelmed
Healthcare infrastructure is extremely delicate. Medical devices, computers, insurance companies, pharmacies, and facilities all need to communicate with each other. This leads to patched-together networks that often require a lot of attention—before fending off cyberattacks.
Yet healthcare facilities aren’t often providing the funding or staff necessary to give their IT departments an edge against thieves. In fact, 87% of the leaders in the healthcare security sector report that they don’t have the staffing to keep everything safe.
Until some of these problems are remedied, it’s a good bet that your medical privacy will remain under constant assault.
Protect your privacy with HealthLock
Your medical professionals can absolutely be entrusted with your health. Unfortunately, the same can’t be said for your medical security and privacy.
That’s where HealthLock comes in. We monitor your healthcare records, and our powerful AI technology audits every bill you receive. If cyber criminals do get their hands on your medical data and sell it or use it for themselves, we can often detect a problem before it escalates into permanent changes to your medical record.
We have a long way to go before our healthcare infrastructure is a safe place for your medical data. Until then, trust HealthLock to help you guard your most valuable information.
Sources:
https://www.hipaajournal.com/survey-reveals-24-of-healthcare-employees-have-had-no-security-awareness-training/
https://venturebeat.com/2021/11/30/the-surprising-health-care-security-vulnerabilities-that-need-shoring-up/
https://healthitsecurity.com/news/87-health-orgs-lack-security-personnel-for-effective-cyber-posture
https://www.mcknights.com/blogs/guest-columns/dont-sleep-on-hipaa-and-cybersecurity/
https://www.knowbe4.com/hubfs/2021-State-of-Privacy-Security-Awareness-Report-Research_EN-US.pdf