Cybersecurity ranked first among the projected areas of greatest impact for health IT in 2019, according to a survey of executives from 38 health systems conducted by the Center for Connected Medicine (CCM).
Other notable results from CCM's "Top of Mind for Top Health Systems 2019" report included:
- 87 percent of health system executives expect their organization's cybersecurity spending to increase in 2019, with nearly half expecting an increase of greater than 5 percent.
- 70 percent reported being "somewhat confident" in their organization's IT recovery and business continuity plans, and 20 percent said they were "very confident" in these plans.
- 62 percent cited "staff" as their organization's greatest point of cybersecurity weakness.
- Phishing and spear-phishing attacks were cited as the most common types of cyberattacks in the past 12 months.
- Employee education was the most commonly cited cybersecurity challenge.
Healthcare is among the industries most targeted by cyberattacks, CCM noted. As such, health systems are increasingly prioritizing cybersecurity – a trend that appears likely to continue in 2019 and beyond.
Cybersecurity Best Practices for Health Systems
Health systems sometimes struggle to safeguard their critical data against cyberattacks. However, endpoint detection and response (EDR) platform provider Digital Guardian offers a variety of cybersecurity best practices to help health systems protect their data against cyber threats, including:
- Teach healthcare staff about cyber threats. Human error and negligence are among the top reasons why cyberattacks occur in the healthcare sector. To prevent these mistakes, a health system can educate its staff about cyber threats to help its employees identify cyberattacks before they escalate.
- Limit access to data and applications. Deploying access controls ensures that only authorized users can access a health system's data and applications. In addition, a health system can implement access controls such as multi-factor authentication (MFA) to further reduce the risk of unauthorized access to its data and applications.
- Monitor and log data use. Logging access and data usage enables a health system to see which users are accessing what information, applications and other resources. It also allows a health system to evaluate when information, applications and resources are accessed and from what devices and locations.
- Encrypt data. With data encryption, a health system can make it more difficult for hackers to access its sensitive data and applications.
- Perform risk assessments. Risk assessments should be performed regularly to ensure that a health system can identify and address evolving cyber threats.
MSSPs can partner with health systems, too. If MSSPs offer EDR, risk assessment and other security services to health systems, they can help these organizations minimize cyber risks and comply with data security mandates.