The growing risk of cybersecurity incidents is well-documented. Hardly a week goes by without a major headline on the topic, and this year, it’s ransomware that has dominated the news; in particular, there were breaches at the Colonial Pipeline, meat supplier JBS, and the software company Kaseya that drew large-scale attention to the problem. It’s safe to say there are many (daily) security incidents that do not attract widespread media attention.
The healthcare industry is certainly not immune from these risks, and to make matters worse, there are some unique concerns the industry has to worry about. First and foremost is a concern about patient safety and security. Healthcare providers are increasingly reliant on highly sophisticated, connected systems to care for patients. A disruption to those systems poses a very serious risk to the standard of care that patients can receive. Healthcare providers have data privacy concerns to deal with as well: HIPAA is the obvious one, but for any organization that accepts card payments, PCI presents additional data security requirements.
A few years ago, one of our healthcare clients had a major cybersecurity incident that caught their leadership’s attention. In response, they invested millions of dollars in innovative new security technology. For healthcare organizations eager to protect their patients and data against cybersecurity threats, there are many vendors offering a wide array of different technologies. Our clients have had success implementing some of those tools, but cybersecurity isn’t only a problem to be solved by technology – it’s a problem to be solved by people. Although the human element to cybersecurity doesn’t always attract as much buzz or investment, employees make very important contributions to an organization’s cybersecurity.