Why Information Security is Important for Hospitals and Healthcare

Written By Christopher Boyer

I recently read an article from NPR titled “Cyberattacks on health care are increasing. Inside one hospital’s fight to recover”.  The story details the trials of Johnson Memorial Health in Indiana after they were hit with a ransomware attack.  It happened in October of 2021, and the ramifications and aftermath of the attack were both eye-opening and chilling.

If you get the opportunity to read the article, I highly recommend it.  I pulled some of what I thought were the most important facts and points from the article to list here:

How bad was it?

  • They had to revert to using paper and pen.
  • One maternity department manager described the experience as the hardest challenge she’s ever faced in 24 years of experience—even worse than COVID.
  • With systems down, they had to switch to manual operations, which made staffing a nightmare.
  • It took 6 months to resume near-normal operations.

A breach doesn’t really cost that much, does it?

  • Cyberattacks on hospitals cost an average of $10 million per incident, excluding any ransom payment.
  • A class action lawsuit could be initiated by patients whose data was compromised because of a breach.
  • The Office for Civil Rights can also impose financial penalties against hospitals if HIPAA-protected patient data is divulged.

Cyber insurance will cover all the damage, won’t it?

  • After submitting a claim to their cyber insurance two years ago, they still haven’t received a payout.  In addition, their annual insurance premium has increased 60 percent since the incident.
  • Since the incident, they’ve had to invest heavily in information security/cybersecurity.

Can’t you just pay the ransom?

  • If you pay the ransom to what the FBI deems a terrorist organization, you can be fined by the U.S. Department of the Treasury’s Office of Foreign Assets Control.

Taking steps to secure your network before an incident can save millions of dollars in the long run, and it can make getting back online after an incident a matter of hours or days instead of weeks or even months. It’s important to make sure that security best practices are being followed and that you have a technology partner who’s familiar with the challenges and trials ahead.

MHD is a HIPAA-compliant managed service provider whose customers already include healthcare providers in the Tampa Bay area. Let us help you ensure the safety and security of your organization so you can get back to running your business.
