In a private notice to healthcare providers, the FBI has issued a warning that the United States healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.
"The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely," the Federal Bureau of Investigation said in a private notice it has been distributing to healthcare providers, obtained by Reuters.
In addition to weaker defenses, there is more to gain. Health data is far more valuable to hackers on the black market than credit card numbers because it tends to contain details that can be used to access bank accounts or obtain prescriptions for controlled substances.
So why has this occurred? Does healthcare just not care about security? That’s far from the case. Here are some challenges we’ve seen healthcare organizations have in building stronger defenses:
- Weak regulatory enforcement: While the HIPAA security standard is one of the oldest IT security regulations out there, until recently, it hasn’t been well policed. This means that healthcare, which is largely cost-sensitive and for a large part not for profit, didn’t make security spending as big a priority.
- Availability Trumps All: Whether its doctors that refuse to take extra steps to access health data, or concern that certain security measures may threaten availability and the care process, healthcare as a process is resistant to any security measures that might block or delay access.
- Managing the Cost of Care: The debate on how to lower the cost of care has been going on for decades. Healthcare is particularly sensitive on managing costs and security often doesn’t come cheap – from both a product and workforce perspective.
Aside from the FBI Warning, there are real costs associated with data breaches and non-compliance has never been greater for healthcare.
Need Some Tips on Improving Healthcare Security?
Watch our 2 Part Video: For helpful tips on how to manage these changes, we’ve put together a short 2 part video series on how to improve healthcare security without spending a fortune.
Part 1 covers the shift in the regulatory and risk environment and Part 2 goes through some helpful tips on how to cost-effectively improve healthcare security
Read a SolarWinds security expert developed guide on improving security: For more information, read this free white paper to understand more about healthcare IT security and risk management.
Share your tips and tricks here too. We'd love to keep the conversation going.