COVID-19 IS RESPONSIBLE FOR A RISING NUMBER OF BREACHES
The pandemic, which encouraged people to work remotely and saw a sudden spike in the use of telehealth, caused a rapid change in technology and how data is shared. The way data is exchanged shifted when remote employees began tapping into the facility’s network to access data, and patients started receiving virtual care. The more devices connected to the network, the greater the “surface area” for cyberattacks.
“The pandemic forced 60% of organizations to move further into the cloud. Such a rapid change resulted in vulnerabilities being introduced and security often lagged behind the rapid IT changes,” noted the HIPAA Journal. “Almost 20% of organizations that reported data breaches in 2020 cited remote work as a factor, with the cost of a data breach around 15% higher when remote work was a factor.”
A common cause of data breaches is compromised credentials, which is when a person steals or otherwise gains access to an authorized person’s credentials and uses them to access a network and steal information. This allows the hacker to sign onto a network rather than hack in, making these stealthy breaches take longer to detect than other types of attacks—an average of 250 days to detect compared to the overall average of 212 days for all types of breaches, according to HIPAA Journal. This means if a hack occurs on January 1, it won’t be discovered until September 8.
PROVEN SECURITY SOLUTIONS ARE NEEDED TO MITIGATE DATA BREACHES
Clearly, facilities need to mitigate data breaches. One solution is security automation, which significantly reduces the cost of a data breach. HIPAA Journal reported that organizations with a fully deployed security automation strategy had average breach costs of $2.90 million per incident, compared to $6.71 million at organizations without it.
Likewise, companies with a hybrid cloud environment, which has data both on-premises and in the cloud, had lower breach costs than those that were primarily cloud. Typically, the more sensitive data is kept on-premises, which makes it more difficult to breach than in the cloud.
Regardless of where data is stored, a robust security system is needed to identify and prevent attacks. System weaknesses are among the most common vulnerabilities, with 67% of data breaches in healthcare in 2020 resulting from criminal hacking.
Healthcare organizations need the proper cybersecurity tools and strategies to prevent attacks, especially as companies migrate to the cloud and undergo digital transformations that enable more data-sharing across digital devices. These tools and best practices include:
- Conducting security checks to ensure HIPAA compliance
- Training staff in data security to identify potential breaches
- Monitoring tech devices for unauthorized usage
- Having a response plan in the event of a breach
- Updating security software and the IT infrastructure