It’s official: Healthcare remains the most breached industry in 2019. In the first half of the year, 32 million healthcare records were breached — double the total for all of 2018. And there are no signs that cyberattacks in the healthcare industry are going to cease.
It seems that the size of an organization doesn’t matter, as both large and small healthcare providers get breached. The difference is, big organizations have more data that hackers can sell; small companies lack security resources, which makes them easier targets. But why has healthcare overtaken financial institutions as the top target for hackers? Because hackers see a great opportunity to get a ransom for their stolen information.
Medical records are very private and sensitive data, so no one wants theirs to get leaked and posted online. For example, early this year, confidential data, including the medical status of more than 14,000 people diagnosed with HIV, was stolen and leaked online in Singapore.
Besides private medical information, criminals can get their hands on other very important data, some of which is even more sensitive than uncomfortable pictures or a medical history. That includes contact details (email, phone number, home address), social security numbers and banking information. If stolen, this data can lead to financial troubles and even identity theft.
Healthcare organizations make ideal prey for hackers, as many of them use outdated security software and continue to underinvest in cybersecurity. The healthcare industry invests only 4 to 7 percent of revenue in digital security initiatives. To compare, the financial sector puts 15 percent of its revenue into cybersecurity.
To avoid a bad reputation and legal actions, healthcare organizations must make cybersecurity their top priority. Here are four main tips on how healthcare organizations can protect themselves from getting hacked:
Employee training. Human error, or employee negligence, is one of the main factors that make organizations susceptible to cyberattacks. To prevent various failures of compliance, healthcare companies should invest in cybersecurity training. Employees should learn about data breaches from experts and get regular updates on recent trends. For example, members of staff need to get an understanding about phishing emails. They should know not to click on any links, open any attachments, or perform any requests that come from questionable sources. This will prevent them from downloading malware or sharing sensitive information with impersonators.
Better password management. Passwords play the most important role when protecting a company’s files and data. Therefore, the best practice would be introducing password managers in the organizations. Such tools will generate strong and unique passwords and safely store them at the convenience of the staff. Passwords shouldn’t be shared among employees.
Encrypt the files. To protect a company’s documents from prying eyes and safely store them both on a computer and in the cloud, they need to be encrypted. This is especially handy when sharing confidential information with clients or among members of staff. With file encryption tools, like NordLocker, even if a hacker manages to steal important files, they will not be able to access their content.
Use a VPN. Healthcare organizations usually use an intranet for private internal communications. But when traveling, working remotely or using public Wi-Fi, employees need a secure connection to access work resources. Here’s where a VPN (virtual private network) comes into play. It creates a secure encrypted tunnel between an employee’s device and the internet — or a company’s server. That protects their connection from third-party access, should there be hackers ready to breach the system.
Daniel Markuson is internet security enthusiast and digital privacy expert at NordVPN — the leading virtual private network provider worldwide, which has a zero-log policy and provides double VPN encryption, malware blocking and Onion Over VPN — who loves putting his 10-year expertise into helping people stay private and secure online.