Five Essential Cybersecurity Threats to Focus On
By COPIC’s Patient Safety and Risk Management Department
While the issue of cyber liability is something medical providers have been warned about for years, the question of “where to start” to protect yourself can be complicated. Last year, the Department of Health and Human Services released a publication titled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” to help medical practices and facilities prioritize what issues to tackle first.
Based on recommendations that focus on the most impactful threats, the publication notes that “Given the increasingly sophisticated and widespread nature of cyber-attacks, the health care industry must make cybersecurity a priority and make the investments needed to protect its patients…Hackers look for targets that require the least time, effort, and money to exploit. Do not make the mistake of thinking that your practice, no matter how small, is not a target for indiscriminate cyber-attacks.”
The most impactful threats the publication identified are:
Email phishing attack
Ransomware attack
Loss or theft of equipment or data
Insider, accidental or intentional data loss
Attacks against connected medical devices that may affect patient safety
The HHS publication includes a two-page summary regarding each threat with real-world scenarios, quick tips, and a table that outlines vulnerabilities, impact, and practices to consider. The following are two of the five threats to highlight as examples of the useful information available in the HHS publication.
In addition to the “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” publication, there are two supporting technical volumes that outline ten cybersecurity practices for managing the key threats (one volume is designed for small health care organizations, the other is for medium to large organizations). There is also a “Resources and Templates” document that includes a variety of cybersecurity resources and templates for end users to reference.
WEB EXCLUSIVE: All of these materials are available for download - click here.