Lee Barrett
Executive Director and CEO, Electronic Healthcare Network Accreditation Commission
Ransomware and other cyberattacks in the past few years have exposed the security vulnerabilities of several of our nation’s most trusted financial, consumer and health care institutions. Breaches at Equifax, Facebook, Anthem and Uber have compromised the personal information of more than 328 million Americans. Even tech giant Google fell victim when a bug left the account information of as many as 500,000 users exposed, which ultimately led the company to shut down its social platform, Google Plus.
It’s clear from these brazen and devastating attacks that cybercriminals have become more sophisticated and dangerous, capable of bringing any industry to its knees. It is therefore no surprise that 1 out of 4 organizations has experienced or will experience a data breach or cyberattack.
Health care data breach costs are reportedly the highest among surveyed sectors, with the average cost per breach sitting at $3.62 million globally. More valuable on the black market than a credit card or Social Security number, an electronic health record (EHR) can be worth hundreds or even thousands of dollars to cybercriminals. Costs incurred post-breach include remediation, loss of stakeholder trust and credibility, loss of customers, business disruption, regulatory fines, legal fees, crisis communication costs and direct financial loss.
Focus on core foundational risk assessment
As the incidence of cyberattacks rises, organizations need to focus on developing ongoing risk and vulnerability assessments. This includes changing passwords every 90 days, ensuring all software patches are comprehensively applied, and employing two-factor authentication and antivirus software. Organizations must also limit the number of login attempts a user can make before being locked out, and limit the number of administrative credentials issued.
Shore up your BYOD protocols
The number of smart devices in our homes, cars and places of business reached 10 billion in 2018, and is expected to rise to 64 billion by 2025. Introducing these internet-connected devices into a work environment increases the number of connection points and risk vectors, which in turn raises the level of exposure and heightens the risk of a breach. As a result, organizations need to evaluate bring-your-own-device (BYOD) protocols within their security frameworks, because personally owned devices present a unique set of data security challenges.
Ensure business continuity and preparedness planning are in place
Organizations must accept that the threat of a cyberattack is ever-present and be prepared to focus on mitigating its enterprise-wide effects. This can be accomplished by reacting quickly and implementing business-continuity plans, which include ensuring a robust backup of the organization’s systems is in place. Additionally, staff at all levels should be trained and well-versed in security protocols.
No organization can totally prevent all cyberattacks, but with proper planning and adopting the right policies and procedures, companies can effectively manage the risk and impact of a breach.