The healthcare industry is increasingly targeted by cybercriminals. As digital transformation accelerates and more providers move their internal systems to the cloud, deploy IoT medical devices and host medical records online, they become even more vulnerable.
In the wake of the COVID-19 pandemic, healthcare organizations have seen a large percentage of their workforce start working remotely while many providers have begun seeing patients remotely as well. This shift has created new threats and vulnerabilities that potentially can hinder an organization from fulfilling its mission.
Managing cyber risk in healthcare today is complex. Risk presents itself in an ever-changing threat landscape, filled with bad actors who don’t play by the rules. A healthcare organization trying to manage this cyber risk without software designed for this purpose is no better off than one who is trying to manage payment processing, payroll, or electronic medical record keeping with spreadsheets.
As discussed in this white paper, a best-in-class Enterprise Cyber Risk Management Software (ECRMS) platform not only facilitates compliance with regulations, but also creates the basis for a comprehensive, integrated, and holistic approach to identifying, managing and reducing cyber risk across the evolving healthcare IT ecosystem. Deploying an ECRMS in a healthcare organization is no longer an option – it is a necessity in order to maintain secure operations in today’s increasingly digitized health environment.
What should healthcare organizations know about complying with the breach notification and data security requirements of New York’s SHIELD Act? And how does the new law compare with HIPAA? Jon Moore, chief risk officer at consulting firm Clearwater, explains.
Servers appear to be the Achilles heel of healthcare organizations’ data protection efforts. About 54 percent of all individuals affected by an information breach of a healthcare organizations were impacted by a breach involving that organization’s server, according to data on the breach portal of the Department of Health and Human Services’ Office for Civil Rights, culling security incidents from June 1, 2018, to May 31, 2019. A report this summer from Clearwater’s CyberIntelligence Institute says that, of the breaches in the previous 12 months, 90 healthcare breaches affecting more than 9 million individuals, were related to servers in some way.