Healthcare IT security moves quick. As we edge towards the close of 2023, things are getting more serious and concerning for healthcare business leaders. Recent data suggests an upward trend in cybersecurity threats specifically targeting healthcare entities. At Stringfellow, we’re deeply involved in the healthcare IT security sphere. This blog will break down the latest happenings for you so you can stay informed and updated.
The Alarm Bells: Cybersecurity Threats in Healthcare
- A Surge in Attacks: Since the beginning of 2023, the US Department of Health and Human Services’ Office for Civil Rights has reported a whopping 327 data breaches [3][4]. If we wind the clock back to mid-2022, this number stood at a mere 160, marking an increase of more than 104% [3][4].
It’s not just healthcare providers that are at the crosshairs. Health care business associates and adjacent partner companies are also grappling with a 273% rise in reported breaches, from 22 in mid-2022 to 82 this year [3][4].
We don’t expect it to slow down anytime either. The rise in cybersecurity attacks and data breaches will continue. This makes it even more important for small groups to get serious about their security. - An Industry Responds: The federal PATCH Act, Protecting and Transforming Cyber Healthcare, is a newly minted legislation designed to counter this rising tide of hackers. Going live on October 1, 2023, it mandates medical device manufacturers to adhere to four pivotal cybersecurity requirements before gaining U.S. Food and Drug Administration approval [3][4].
This is a big deal and will help to protect infrastructure for some major businesses, but smaller companies don’t have such mandates in place. Even without this kind of government policy, your smaller clinic group needs to be protected. Your team all work on the same internet as the big guys. Your IT group needs to be up to par, not trying to figure it out as they go and reacting to IT security challenges when they happen. A proactive approach is the best approach.
The Support Systems: Tools and Collaborations
The industry’s response has been swift and multifaceted:
- The Collaborative Cybersecurity Healthcare Toolkit: A joint venture between the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS), this toolkit offers an array of best practices, guidance, and resources [2]. It’s a veritable treasure trove for healthcare organizations aiming to pinpoint and manage cybersecurity risks [2].
Despite tools like this being made public, it still takes a deeper understanding and comprehension of the IT security situation for groups to be able to take advantage of tools like this. Ask your technology provider for an updated security strategy for your firm or reach out to us so we can help you get one in place. - Executive Action on AI: Another transformative step has come straight from the Oval Office. President Biden’s executive order on ensuring AI is safe, secure, and trustworthy sets forth new standards for AI security [6]. This move doesn’t just fortify the healthcare domain but ensures a holistic approach towards AI safety, covering threats to critical infrastructure and much more [6].
For things to get this serious, companies have to be realistic about what this means for their business. AI security has opened up brand new attack vectors and even attack styles. This means smaller groups have to get more sophisticated to stand up to AI hackers and hackers using AI tools. Also, your users and employees need training. Your staff is the first line of defense from hackers using social engineering, phishing and other attacks on your clinic. They need to be aware of what’s going on and be ready to respond appropriately.
So, What’s Next for Your Organization?
If there’s one clear takeaway from the current scenario, it’s that proactive action is no longer optional. As a managed healthcare IT services firm based in Nashville, TN, Stringfellow partners with you. We understand the intricacies of healthcare IT security and make daily commitments to ensuring your organization remains ahead of potential threats.
Citations:
[3] https://www.medicaleconomics.com/view/computer-attacks-in-health-care-are-booming-so-far-in-2023
[4] https://www.urologytimes.com/view/health-care-cyberattacks-soaring-in-2023
[5] https://fortifiedhealthsecurity.com/blog/healthcare-cybersecurity-threats-sept-2023/
About Stringfellow:
Stringfellow is a managed healthcare IT services outsourcing firm in Nashville, TN, specializing in healthcare IT, including managed services, compliance and security, Microsoft 365 management and IT support. We bring expertise, innovation, and a hands-on approach to safeguarding your organization. Let’s forge a future where security is paramount.