Have you ever been offered a free credit report? Chances are that the organizations that have offered you these reports have usually experienced a breach and are required to offer these services to help mitigate the consequences and limit their liability.
A recent report in Becker’s Healthcare about an ASC group’s security breach highlights that healthcare is considered a high-value target for malicious actors. The primary motive for these groups is financial, and they are prepared to leverage whatever is necessary to generate income. The challenge is that their tactics constantly evolve to improve effectiveness and ROI for the perpetrators, putting healthcare providers in a continually defensive position.
It would be very easy to be fatalistic. Providers should not operate in the mindset of “if we get breached” but rather “when we get breached.”
No solution can resolve all security concerns, but some common-sense strategies can be used to reduce the likelihood of a breach. These strategies can be invaluable both to the provider, whose bottom line will be negatively impacted by the legal, compliance, and reputational fallout of a security breach, and to the customer, whose identity information can be offered up for sale on the Dark Web. According to a Trustwave report, healthcare data may be valued at up to $250 per record on the black market, compared to $5.40 for the next-highest-value record: a payment card. Ownership of these records can lead to identity theft and affect a patient’s health and wellbeing as their identity/insurance information is used to purchase healthcare on behalf of the malicious actor – all at the expense of the legitimate patient.
In healthcare, the primary focus is on health outcomes. Things like IT security are often considered a distraction and inconvenience that can limit the provider’s ability to focus on patient care. Unfortunately, when security implications are ignored, the reverse can come true.
HST wants to partner with its customers to provide secure solutions and security guidance that can be used to help improve the security posture and culture of your environment without impacting your ability to provide patient care.
The simple truth is that security surveys repeatedly identify the initial point of entry as a user-initiated action, likely the employee clicking a link or opening an attachment sent by cunning criminals who have a lot of practice in fooling people into helping them gain a foothold. So from an organization’s cultural perspective, there has to be an understanding that IT security can have almost as much impact on your organization as the care you provide. Unfortunately, this is often realized after a breach has occurred.
To that end, we intend to provide a series of blog posts in which we will publish practical security advice. Larger corporate ASC chains have the luxury of dedicated security and compliance teams that help mitigate (though not eliminate) many security risks. Unfortunately, small and medium-sized ASCs do not have that benefit. By leveraging the expertise of IT Managed Service Providers, you can ensure that the IT infrastructure you rely on to provide your patients the care they deserve is protected, managed, monitored, and remediated to reduce the likelihood of your ASC being in the news about the next security breach.