Electronic medical records. E-prescribing. Online collaboration amongst patients, providers, and payers. These advances mean protecting personally identifiable information (PII) and other sensitive or proprietary data is no longer as straightforward as locking a file cabinet or an office door. Digital business has come to healthcare, and so have cyber-based security vulnerabilities
The deployment of technological advances that promote faster and easier communication and information sharing for improved healthcare must be accompanied by similar commitments and investments in cybersecurity solutions. Otherwise, cyber criminals will wreak havoc on the healthcare system.
Want proof? In 2015 alone, Anthem, the second largest health insurer in the U.S., suffered a data breach that comprised the PII of 80 million individuals. U.S. healthcare provider Primera exposed the PII of 11 million people. And Community Health Services, which operates over 200 hospitals across the U.S., allowed the PII of 4.5 million patients to fall into the wrong hands.
Healthcare organizations face a massive cybersecurity challenge. First, they must dedicate the time and resources to raise their own cybersecurity maturity level to a point where they can detect and repel cyber threats before they have impact. That in itself is a tough hurdle to clear. What’s more daunting is the next obstacle: ensuring that their ecosystems of partners, suppliers, customers, and other third-parties with whom they collaborate electronically all have cybersecurity postures sophisticated enough to deal with these same cyber threats. After all, the community is only as strong as its weakest link, and plenty of members may not have had the motivation or capability to adequately protect themselves.
Healthcare organizations need insight into the cybersecurity maturity levels of each and every one of their current and prospective partners. They must reconsider the business relationships they have or are considering with those that don’t meet a minimum threshold. Partners need a roadmap for improvement so they can justify making the security-related investments required to enter into or continue the relationship.
For both parties, the answer is a new-breed of risk management solution. One that monitors, measures, assesses, and mitigates risk throughout the ecosystem in real-time and over time, continuously updating a cybersecurity maturity score for each member to reflect cybersecurity posture vs. vulnerability to cyber threats. Healthcare organizations with this kind of solution in their arsenal are best positioned to protect themselves from becoming the next data breach headline in 2016.