Tech + Healthcare: If You Build It, Cyber Threats Will Come

Picture this: Your medical record and financial information were stolen at your local hospital following a simple procedure. Now you’re unexpectedly receiving bills for prescriptions you were never prescribed and procedures you never had. While network hijacks, hacks and data breaches have been the norm for retail and financial institutions, medical records are becoming an even more lucrative target for cyber-criminals than your credit card or social security numbers.

Recent cyber attacks are making headlines and damaging reputations, particularly within the healthcare space. For example, earlier this year a Los Angeles medical center had to pay $17,000 to recover its computer network, which was held for ransom by hackers. Media coverage was hard to shake, and rebuilding trust within the community will take considerable time.

Stories like these should serve as a wake-up call to many healthcare providers and organizations that hope to ensure their technology and network are secure. That same “alarm clock” should also alert communicators supporting these businesses. Communicators need to begin planning now so they can mobilize quickly in the event of a cyber-incident, teaming with their leadership to triage and problem-solve immediately, and in any geography.

Medical Records for Sale:
Worldwide, the average cost of a healthcare breach is $363 per exposed personally identifiable record, according to a 2015 study by Ponemon Institute. More startling for patients, IDC Health Insights predicts that one in three Americans will fall victim to a healthcare data breach this year.

Healthcare organizations are becoming increasingly vulnerable targets because of the patient birth dates, policy numbers and financial information they manage. Cyber-criminals can sell the data and buy prescriptions or apply for a health insurance plan in the patient’s name. To make matters worse, and more lucrative for cyber-criminals, medical data theft is often not recognized by the patient or healthcare organization as quickly as data breaches targeting retail or financial institutions.

Prioritizing the Security of Patient Information:
Data breaches cost the healthcare industry $6 billion annually, while the average economic impact of data breaches per organization is $2.1 million, according to Ponemon Institute. Yet, most organizations are unprepared to address new threats and do not have the necessary resources to keep patient data safe.

The movement to more connected care has opened multiple access points for cyber attacks, including electronic medical records, mobile health technology and even medical imaging equipment. It’s safe to assume that more and more healthcare organizations will be investing in data security.

Cyber Attacks Are Hazardous to Your Reputation:
The reality today is that no organization is immune to cyber threats. Some might say, “it’s the cost of doing business.” Nevertheless, a data breach or cyber attack can be paralyzing, and significantly damage a healthcare organization’s reputation and the trust it has established with customers or patients. Learning from the lessons the retail and financial industries endured in previous years, it’s important for any healthcare organization to assign key players and put the protocols in place now in order to be fully prepared to react quickly if a cyber attack does occur.

How a healthcare organization responds to a hack, cyber attack or data breach is now scrutinized as closely as the incident itself. This scrutiny can have a long-lasting impact on reputation, the organization’s leadership and its overall business.

The elevated reputational risk also means that there’s a demand for stronger skills in corporate reputation and crisis communications to address the debate, dialog and the rapid spread of often-inaccurate information. While this is true for most industries, it’s especially relevant in healthcare, where the data provided is often the most sensitive, the window of time between theft and discovery can be the longest, and the expectation for personal information protection is at its highest.