In 2020, US healthcare organizations lost $21 billion because of ransomware attacks alone. Cybersecurity issues have emerged within major companies like CommonSpirit Health, the Department of Health and Health Service Executive (HSE) of Ireland, and Kronos in the last two years. To make matters worse, coordinated cyber and disinformation attacks are becoming more of a threat to public health. These attacks can happen to any person or business that uses the internet, regardless of scale or size.
All it takes is one attack to cripple your business. Research shows hackers take less than 5 hours to break into an enterprise environment. While you may think these security risks don’t apply to your small business or nonprofit, no one is completely safe online.
Cybersecurity is everyone’s responsibility, and nobody wants to be responsible for an attack that effectively damages their business or reputation, especially when patient data is on the line. Our partner, the Cybersecurity & Infrastructure Security Agency (CISA), encourages everyone to see themselves in cyber this Cybersecurity Awareness Month. Here’s how you can prioritize cybersecurity for your digital healthcare startup in 3 easy steps.
Creating cybersecurity awareness and policies that keep your employees safe is easy; increasing compliance proves challenging for organizations. Even the biggest healthcare companies face issues with compliance. Old operating systems with default passwords make remote patient monitoring susceptible to attacks. In hospitals, there are well-known workarounds to increase efficiency, like preventing automatic log-outs by blocking sensors or downloading digital data sets to mobile devices. While these workarounds may be necessary to keep up with patient demand, they put the hospitals’ systems and people at risk. No matter what policy you create, getting everyone on your team involved in being compliant and implementing your security protocols is essential for mitigating cybersecurity risks.
While it may be nearly impossible to pinpoint a single guilty party in major data breaches within the healthcare industry, taking responsibility for your own is still important. Prepare your business for a future attack now. While clinicians and hospital staff should already be following their company’s security protocols, smaller businesses can focus their efforts on enabling multifactor authentication (MFA) wherever applicable and on all devices. This is critical if you have patients who use apps with personal health data or health insurance information. After you’ve enabled MFA, you’ll need to use strong, unique passwords and a password keeper, such as LastPass, to store them.
Cybersecurity training is essential for any business to thrive. In addition to installing the right equipment and paying for monitoring or firewall protection, you’ll need to invest time and money into training your employees on smart cybersecurity practices. Your team must know how to spot phishing attacks in today’s work environment. Keep training materials simple, focused on identifying specific threats, and easy to follow for all employees in your organization. CISA provides several toolkits to help you get started with your organization.
Implementing tools for cybersecurity in your organization can feel like insurance: if you aren’t using it, what are you paying for? But the benefits far outweigh the risks and costs associated with a damaged business or reputation. You can start by taking these steps to arm yourself against cybersecurity attacks now.