George DeCesare, Chief Technology Risk Officer for Kaiser Permanente, met with the Health and Human Services Department as well as other security experts and came away with some shocking truth. An article on Healthcare IT News provides some great insight on why falling below the cybersecurity poverty line could be detrimental to health organizations.
Seventy-five percent of the healthcare industry is below the cybersecurity poverty line,” DeCesare said at the HIMSS and Healthcare IT News Privacy & Security Forum on Thursday.
What is the cybersecurity poverty line?
While the federal poverty line is clearly defined based on household income, there is no outline for what the cybersecurity poverty line truly is. According to DeCesare, the cybersecurity poverty line is determined by whether or not an organization is investing adequately in protecting patient data.
Kaiser, for its part, fends off more than 3 billion security events every day, including some 36 million unauthorized network attacks, DeCesare said.”
DeCesare explains the importance of remaining above that poverty line this year and the years ahead, laying out some of the top threats that Kaiser is preparing for.
Hackers, state sponsors such as Russia and China seeking not just healthcare information but intellectual property and organized crime using ransomware and other attacks types looking for money.”
Additional emerging threats Kaiser is preparing for include the dark web, ransomware-as-service and vulnerabilities found in medical devices.
DeCesare also believes ransomware will change shape, going from just locking down computers to exfiltration.
Healthcare will continue to be highly targeted,” DeCesare said. “We’ll see ransomware continuing to evolve, ransomware will get a lot smarter.”
[divider_line] [framed_box bgColor=”#ffd390″]
Train your employees to spot ransomware!
All Covered Entities and Business Associates need to train their employees on HIPAA security. Our training not only focuses on HIPAA regulations, but concentrates on the risk of data breaches. We emphasize the dangers of phishing emails, phishing websites and ransomware. We teach employees how to spot phishing emails and how ransomware attacks a network so they can avoid being a victim.
Now it is easy to train your employees on protecting patient information!