In episode 45 of the Revenue Roundtable podcast, the co-hosts discussed cybersecurity risks facing the healthcare industry. Their guest was Brad Rounding, CIO for Revco Solutions. Rounding has a strong background in cybersecurity, holding bachelor’s and master’s degrees in cybersecurity, along with certifications. He’s worked with federal, state, and local governments, plus private equity companies and American corporations.
Healthcare Security Concerns
In the healthcare industry, the main concerns are data breaches and system availability. Disruption to the vital information systems in healthcare clinics and hospitals can have an impact on the lives of patients. Data security is another concern, particularly a breach of sensitive and confidential patient records. Mitigating these risks involves creating a solid backup strategy for systems, strong endpoint encryption, and anti-virus and anti-malware software to avoid ransomware attacks.
On the data breach side, it’s critical to ensure a strong account management process is in place, maintain data security at rest and in motion, and monitor phishing risks. Phishing continues to be a major threat to healthcare clients and other industries, as it uses email to breach the security of an organization. Revco Solutions is addressing phishing through a randomized test sent about once a month across the organization. This testing tracks how each recipient interacts with the email.
In the early simulations, the emails had high click rates in the 30% range, especially when they appeared to come from Human Resources (HR). Since then, employees have become more cautious and may not even click on an email that actually does come from HR or another internal department. The current click rate is closer to 1%.
The top vulnerabilities impacting organizations can change week to week and month to month, so having a strong patch management process is important. Employees also serve as the first line of defense (or the weakest link) as they use the systems in place in the clinic or hospital setting, so education is key.
Since there’s no way to avoid 100% of all attacks, it’s helpful to know how to mitigate the damage. In the healthcare industry, the HIPAA/HITRUST certification is worth considering. Those who handle credit card information should adhere to the PCI framework. Select a framework, adopt its controls, and then engage a third-party assessor to certify the organization’s compliance and adherence to the rules.
Why Healthcare Organizations Are Targeted
Healthcare organizations are often targets of cyberattacks. Hackers look for “low-hanging fruit,” or easy targets. Many healthcare organizations use outdated systems and infrastructure that aren’t protecting patient information as well as they should be. These organizations also hold a vast amount of information, including personal and financial details. A hacker who uses ransomware to target a healthcare organization may get a large payout because that organization will do whatever it takes to protect its information and keep its systems online. Revco Solutions is a trusted partner that can monitor the risks of cybersecurity attacks and help prevent them. Healthcare organizations that want to protect their patient data and system availability can partner with Revco Solutions by contacting 855-202-0113 or visiting revcosolutions.com.