By Free, Jason
Mitigate the risks of cyber attacks.
Most health organizations fully understand that they are at great risk of cyber attacks, but few possess the proper perspective for developing an effective cyber attack defense plan.
While it may sound rather ominous, Calatayud's statements provide a very reasonable context for creating a plan to secure your facility and its very valuable assets.
Know what's at stake
The full economic value of the records held within a single healthcare organization is almost beyond measure. When trying to calculate the combined value of the personal information of patients, the potential fines incurred for data breach violations and the loss of reputation within the industry and general public due to a cyber attack, one can quickly become overwhelmed by the numbers.
"Outside of malpractice, I can't think of a more damaging force to a hospital's reputation than a data breach," says Calatayud. "In time, you may be able to lose the stigma, but in all honesty, I think in the future, it will cause some organizations to close their doors forever."
It could be argued that no matter the skill level of its staff or the sophistication of its equipment, a bad reputation in terms of patient data safety could doom a hospital's standing in the community. That's not to say that administrators should use reputation as their incentive to develop a plan against data breaches because, like their physicians, their chief goal should be to do no harm to their patients.
"If you look at a standard healthcare organization, there are massive amounts of electronic protected health information (EPHI)," says
Given that it occurs millions of times a year, we have all either heard of, or even experienced firsthand, the traumas caused by stolen identities. In terms of criminal opportunities, the theft or misrepresentation of one's identity will only become more attractive as more of our daily lives become part of the digital world. As previously mentioned, these threats are not unique to medical environments, so rather than looking at their situation in a vacuum, healthcare organizations ought to seek out best practices from other industries, and none has had to deal with as many cyber attacks as the financial field.
"Going back to the 1980s, many banking systems at the time felt as though they may be able to get rid of their branches and put all of their business operations online. Obviously that didn't happen, but with that philosophy behind their security practices and policies, they have developed more robust, more mature data security systems than those often found in healthcare," says Calatayud.
In many ways, banks are currently the fastest people facing the possible "bear attack" of a cyber crime, so there is a great deal to learn from their defensive strategies. However, it is important to keep in mind that the act of stealing from a healthcare organization is not like robbing a bank. The information, and money, within a bank is similar in nature to EPHI in a hospital because electronic data is just that, electronic data, but there are key differences with the data that must be considered.