Everyday people place their bodies and their lives into the hands of healthcare professionals. Doctors, nurses and others put time and care into making us feel better when we are sick, and providing advice for longer, more vivacious lives. But there is another field in which healthcare is severely lacking — cybersecurity.
Not only does healthcare lag far behind other industries when it comes to cyber defense spending and expertise, but it’s also a growing target for hackers and cybercriminals. Thankfully, CyberPolicy provides cyber insurance for medical practices. Even if your organization is breached by a malicious hacker, CyberPolicy can insulate you against the financial damages.
Still, there are a few frightening statistics you should understand.
Employee negligence was the root cause for 81 percent of cybersecurity incidents.
According to CSO Online, 81 percent of cybersecurity incidents are rooted in employee negligence. This can occur in any number of ways. Maybe an employee uses weak administrative sign-in credentials or a flimsy password. Maybe their laptop was stolen or lost. Or maybe they clicked on a phony email, attachment, link or download, exposing them to malicious software or phishing scams. No matter the reason, it spells big problems for healthcare providers.
To reduce these incidents, host regular employee training sessions to impart proper cybersecurity protocols.
The healthcare industry was the victim of 88 percent of all ransomware attacks in U.S. industries in 2016.
Ransomware attacks are quickly becoming a favorite hacker tool to stymie healthcare operations. For a little background, a ransomware attack is a form of malicious software that blocks legitimate users from accessing systems, networks or devices until a lump sum is paid. Average costs are generally in the tens of thousands of dollars.
An IBM survey found that 70 percent of businesses that experienced an attack of this nature paid to have their stolen data returned. However, there is no certainty that a hacker will turn over your data once the ransom has been paid nor will the harmful software disappear from your network. It is better to contact your cybersecurity or insurance provider before coughing up to cyber extortionists.
The healthcare industry invests less than 6 percent of its budget to cybersecurity.
For comparison, the 2016 federal budget allocated 16 percent for cybersecurity. Not to mention that Security Scorecard ranks the healthcare industry as 9th for its overall security compared with other industries.
It’s clear that healthcare organizations need to do more to protect themselves, their patients and their data from breach and cybercrime.
In the past two years, 89 percent of healthcare orgs were breached.
A report from the Ponemon Institute shows that 89 percent of healthcare organization had patient data lost or stolen in the past two years. That is staggering! The same institute found that data breaches are costing the U.S. healthcare industry an estimate $6.2 billion.
Much of this information is resold by hackers on the dark web, where it is used for identity theft and tax scams. In fact, a pilfered medical record can sell for $50 on the digital black market, compared to $1 for a stolen social security number or credit card.
Isn’t it better to spend pennies a day on a robust cybersecurity insurance than fork over thousands of dollars to combat the fallout of a cyberattack? If you are interested in cyber insurance for medical practices, get a free cyber medical quote today; and look for business insurance coverage via our parent company CoverHound!
