Red Sentry Spotlight: Healthcare hit hard by cyberattacks in August

Although preventative medicine has been around since Hippocrates, it wasn’t taken seriously until there was a large-scale culture shift toward prevention. One large factor in this shift was that insurance companies figured out that it is cheaper to pay for preventative medicine than for treatment after there’s an illness or injury. 

We’re on the cusp of this same preventative culture shift in cybersecurity. Paying for preventative security not only protects your company, but it is also cheaper than paying a ransom once you’ve been hacked. And as a side note, no amount of money can fully restore your reputation once you’ve leaked data.

While the healthcare sector as a whole may understand preventative medicine, it hasn’t fully adopted preventative cybersecurity…yet.

Whether you’re a hospital, a vendor or a contractor, if you touch privileged patient information, you’re a cyberattack target. Unfortunately, there has been an increasing trend of healthcare companies being targeted by cybercriminals. HealthITSecurity.com reports that healthcare hacking incidents rose 42% in 2020, with 31M patients affected. 

When I look through my daily ransomware/breach notifications, I see healthcare represented more and more. I pulled the following two dozen articles from August alone:

I guarantee that not one of these hospitals or healthcare vendors saw these breaches coming. In fact, a large majority of companies have already been hacked, and just don’t know it. So don’t wait until you know you’re a victim to take these threats seriously.

From HIPAA to HITRUST

I’m not naive to the fact that when it comes to cybersecurity, most companies are just checking the boxes of whatever compliance framework they’re governed by. Coming from the public sector, I consider myself a professional box-checker. Sometimes there are so many boxes that your company may feel like an Amazon warehouse. 

However, there is a misconception that you have to choose between checking the box and finding new solutions. And unfortunately, the quality of the solution becomes secondary to the ease of the checkmark. But the truth is, you don’t have to choose between keeping your company secure with proactive strategies and staying compliant. Ideal strategies do both. So take the extra step to find those strategies. 

Whether you’re following HIPAA or HITRUST or SOC2 or Valentina’s Homemade Security Policy, look for solutions that can both satisfy their cybersecurity requirements and keep you proactively secure at the same time. 

Remove Blockers to Tech Innovation

Money, time, resources, apathy from those around you…I get it. Investing in cybersecurity is easier said than done. Everyone can agree that having advanced security solutions is great, but making the time and budget for them is a different story. 

But what I’m telling you is that there are solutions that are cheaper and easier than what you’re already doing, AND can make you more secure at the same time. Technology is advancing at a rapid rate, and new innovation is everywhere. Be open to it.

My company, Red Sentry, provides an automated, continuous pentesting platform that helps you monitor your cyber environment 365 days a year. This is just one example of a technology that can elevate your security to the next level. 

Conclusion

Don’t become a news headline or a cautionary tale to others in your industry. Patients trust their healthcare providers with their most private information, and it is your responsibility to keep that secure. 

Next time you get your annual physical checkup, change your passwords too. If you avoid toxins in your body, don’t open suspicious emails on your computer either. Just as you find a new workout routine, find tools that will keep your cyber environment healthy. Prevention is the key!

Learn more about HITRUST Cybersecurity framework here.

More information on security compliance: SOC2.

Valentina Flores
CEO
Valentina began her career as a police detective, assigned to a federal task force and eventually landing in cybercrimes. Red Sentry has created a hybrid approach that allows businesses to get a thorough manual pentest quickly, while also utilizing the Red Sentry software, to ensure year-round security.
