Steve and Mark are camping when a bear suddenly comes out and growls.
Steve starts putting on his tennis shoes.
Mark says, “What are you doing? You can’t outrun a bear!”
Steve says, “I don’t have to outrun the bear—I just have to outrun you!”
We know… it’s an old joke, but very applicable to today’s topic.
The start of every new year brings with it resolutions and plans for the future. Most organizations operate the same way. We hope that cybersecurity made it to the top of that list. It certainly did in a recent report from the Center for Connected Medicine.
They surveyed 38 major healthcare systems across the country. Responders included 44 executives consisting of CEOs, COOs, CIOs, Chief Medical Informatics Officers, Chief Nursing Informatics Offices, and more. Those 38 healthcare systems represented the following:
Cyber-Attacks Continue to Grow
Breaches occur continually. There were 2,149 breaches between 2010 and 2017. The fallout of these breaches continues to get worse as time goes on. In October, Anthem, a health insurer, agreed to pay a fine of $16 million for a breach of 78 million records. This steady increase and attacks and costs makes cybersecurity the number one concern for these health systems.
Biggest Challenge: Employee Awareness
62% of executives consider employees to be the weakest link in facing those attacks. Why? Phishing attacks are now so well-engineered that they look legitimate. Without proper training, only one staff member needs to click on the wrong email to open the door to malware. That malware can lead to downtime across the entire organization. Responders listed phishing as the number one type of attack hitting their organizations. We see it all the time. Employee education should be your organization’s top priority for 2019.
Healthcare IT Recovery Plans
Even with all the attention cybersecurity has received over the years, responders lack confidence in their recovery plans. When asked about their ability recover quickly after a data breach, corruption, or loss, this is how they answered.
While no one said they were “very worried” or “had no plan”, these executives didn’t question whether or not a cyber-attack will occur. Their chief concern was what happens when it occurs. One CEO said:
“The people that are up to no good have far better tools than we do on our platforms. If they really target you, they will likely find a way in…. We are not trying to make it impenetrable, but we are trying to make it more difficult to break into our system than others in our market.”
Do you see how the joke applies now? That’s exactly what these executives are hoping for with their organizations. They don’t need to be the Fort Knox of data. They just have to be more secure than most organizations, so attackers choose the easier targets instead.
Where Does That Leave Your Organization?
Going forward, cybersecurity will never go away. Cyber-attacks will grow more sophisticated. We’ll have to learn new ways to stay ahead of the curve. You don’t have to outrun the bear or be the fastest runner. However, your organization must run. If you need help creating a recovery plan or implementing cybersecurity and employee education, contact us today. Get started with a free consultation, and we’ll help keep your organization safe.