2022 Healthcare Cybersecurity Predictions and 3 Steps to Take Now

Brice Voithofer

2022 Healthcare Cybersecurity Predictions look a lot like 2021, but with more risk on all fronts. More attacks, more vulnerabilities and more need to prepare. If cybersecurity isn’t in your 2022 plans, or you want to test your 2022 plan, below we offer 3 key steps to take. But first, consider the lessons from 2021.

2021 Healthcare Cybersecurity Lessons

Cybercriminals are particularly partial to the healthcare industry with its abundance of payment information and sensitive personal data that can be sold on the black market. Healthcare companies – along with companies in all industries – are looking for comprehensive strategies to avoid a repeat of 2021. Here is the “tip of the iceberg” for what hit the healthcare industry in 2021 (most ransomware and other cyberattacks are never reported; only PHI breaches are required to be reported).

  • Florida Healthy Kids Corporation: One of the largest ever healthcare data breaches was reported by the Florida-based health insurer Florida Healthy Kids Corp. The Department of Health and Human Services’ Office for Civil Rights was notified that the protected health information (PHI) of up to 3.5 million people may have been compromised.
  • In September 2021, data breaches were reported by HIPAA-regulated entities based in 25 states. Texas was the most affected state with 6 reported breaches of 500 or more records, followed by California with 5 breaches and Connecticut with 4.
  • DuPage Medical Group:  In August 2021, the Illinois-based physician group notified 600,000 patients that their personal health information was exposed when the computer network was hacked in July.
  • Memorial Health System: Hive ransomware was reportedly linked to this attack. The health system was forced to shut down its IT system during the attack and had to divert ambulances and patients to other hospitals during a weeklong outage. 

3 Essential Healthcare Cybersecurity Strategies for 2022

No business or practice is immune to cyberattacks, even smaller ones. In fact, small and midsize businesses represent 60% of attacks! That’s why it’s important to have and implement an all-inclusive cybersecurity strategy.  The three steps below work together to help keep your data safe – and all are essential. The good news is that if you have a solid program in place to protect PHI, as required by HIPAA, your program may just need some fine tuning. But if your HIPAA program is stale, now is the time to rejuvenate it with cybersecurity risks in mind.

1. Well Trained:  The best cybersecurity healthcare strategy is likely to fail without a well-informed and well-trained team. Most breaches start when an employee clicks on a link in an email or provides information over the phone to a hacker. Given the sophistication of cyber criminals, it’s easy to see how an employee can be misled. The only solution, as one organization that was hacked said, is to “have every employee be paranoid about security.”   This means you need staff (or consultants on retainer) with cybersecurity expertise to develop a comprehensive employee training program and who are readily available to answer questions or address concerns. Be sure to appoint one senior person to oversee these efforts.  What’s more, these programs must be updated on a regular basis because cybersecurity is forever evolving. Cybercriminals are constantly inventing new ways to access valuable data. There is a high price to pay if you fail to keep your employees aware of the current cybersecurity healthcare environment. The average cost of a data breach has been reported as almost four million dollars!

2. Think Hard about Software: All healthcare organizations use and rely on technology.  But when it comes to cybersecurity, the importance of having the most current and sophisticated software is crucial to protecting your organization. Check with your software provider to secure the latest software updates and to find out other ways to keep your data safe, including upgrading to newer computers. Antivirus software is essential to protect all devices from viruses, malware, ransomware, spyware and phishing scams.  It’s also important to implement strong password requirements and have experts available who can spot phishing and email scams. Although the learning curve can be steep –  if the right software isn’t already in place – there is simply no option if you want to minimize cyber risks.

3. Vet Vendors: When it comes to third-party vendors, it’s difficult to control precisely who has access to the data you share. That’s why it’s crucial to make sure the vendors you choose take HIPAA security compliance seriously and – best case scenario – are SOC2 and/or HITRUST certified. Among other requirements, these certifications indicate that a vendor has been fully educated in techniques to circumvent data breaches. Without this type of assurance, you risk creating a “weakest link” in your cybersecurity. While it’s necessary to interact with third-party vendors, it’s also essential to do your homework and choose only reputable partners.

2022 Healthcare Cybersecurity Predictions

As in 2021, but to an even greater extent, all practices and departments are vulnerable to cyber attacks, data breaches, ransomware and more. Most attacks and breaches won’t make the news. But that doesn’t reduce their impact. Firms that aren’t prepared will incur substantial costs and potential public embarrassment or worse. Firms that are well prepared are less likely to be attacked and, even if they are, will suffer much less damage.

Practices and departments that work with AdvantEdge eliminate the risks from internal billing systems and reduce billing related data breaches. And they can rely on AdvantEdge systems and procedures built to keep PHI and other client and patient information safe and secure. The latest antivirus tools are in place, strict training keeps employees current on risks, data is always encrypted, AdvantEdge systems limit the data each employee sees to that needed for their specific function and much more.   For almost ten years, AdvantEdge has been certified annually for HIPAA and HITECH privacy and security as well as SOC 1 Type 2 and SOC 2 Type 2 for information security and transparency.

  

Resources

https://medium.com/geekculture/cybersecurity-in-2022-growing-concern-with-greater-opportunity-8a49828e00d5

https://www.hipaaguide.net/florida-health-insurer-discovers-breach-of-the-phi-of-3-5-million-individuals/

https://www.hipaajournal.com/september-2021-healthcare-data-breach-report/

https://chicago.suntimes.com/business/2021/8/30/22649201/dupage-medical-group-notifying-patients-data-breach

https://www.beckershospitalreview.com/cybersecurity/fbi-warns-of-hive-ransomware-after-memorial-health-attack-in-ohio.html#:~:text=FBI%20warns%20of%20Hive%20ransomware%20after%20Memorial%20Health%20attack%20in%20Ohio,-Hannah%20Mitchell%20%2D%20Wednesday&text=The%20FBI%20issued%20a%20warning,a%20result%20of%20the%20attack.

AdvantEdge
AdvantEdge