Centuries ago, preventing an enemy from attacking your castle was fairly straightforward. Typically, there were only a limited number of ways that opposing forces could breach the walls. Those vulnerabilities could be protected in a fairly straightforward way: with a moat, a drawbridge, or guards keeping constant watch.

But now, we live in a very different world of malware, social engineering, cyberattacks, and hackers. For healthcare organizations, these digital foes threaten from every side. Not only do healthcare organizations face financial pressures from the government, insurance companies, and others, but they are also threatened by an average of 203 hacking attempts across the healthcare industry daily. When these hackers are successful, valuable financial resources are siphoned away instead of being used to better serve and care for patients. 1

A recent report found that nearly 93% of healthcare organizations have experienced a data breach in the past three years, and 57% have had more than five data breaches during the same timeframe. 1

The stakes are incredibly high in healthcare due to the sensitive financial and medical nature of the data, and the consequences of falling victim to ransomware attacks can be devastating. Operational disruptions, financial losses, and potential harm to patient care are all on the line, not to mention the negative impact on the organization’s reputation within the community.

This can be even more devastating for small and rural health organizations. One report found that ransomware attacks on smaller healthcare organizations are more harmful, resulting in median damages of $15.2 million, with a loss of 30 percent of estimated operating income. This includes financial losses linked to revenue decline, remediation expenses, brand impairment, and legal charges that may confront healthcare entities. Aside from monetary setbacks, healthcare organizations could face operational disruptions and risks to patient safety due to a cyberattack. 2

In their 2022 Cybersecurity Survey, HIMSS found that roughly 42% of healthcare cybersecurity leaders assert that their organizations would not pay the ransom in the event of a ransomware attack. More than 55% of respondents say they are uncertain about their organizations’ stance on ransom payment, and only a small fraction (1.89%) expressed that their organizations would definitely comply with the ransom demands. 3

Fortunately, there are steps that healthcare leaders can take to prevent and mitigate the damage of these cyberattacks. One beneficial and increasingly popular tactic is the use of third-party vendors. HIMSS emphasizes the importance of collaboration and information sharing in enhancing cybersecurity practices. They found that 42.7% of healthcare organizations are seeking assistance from external data security vendors. By teaming up with vendors, revenue cycle leaders can tap into a wealth of expertise and tools, bolstering their security defenses against evolving threats. 3

The HIMSS survey included the following action items for organizations to consider: 3

  • More frequent, practical cybersecurity training for everyone
  • Broader awareness training for everyone
  • Hiring and retaining qualified cybersecurity professionals
  • Passwordless multi-factor authentication
  • Robust incident response teams
  • Digital forensics (post-incident)
  • Third-party vendors – leveraging third-party expertise to reduce organizational risk
  • Information sharing about threats and mitigations with peers
  • Insider threat detection

Following these recommendations can help healthcare leaders better protect their digital healthcare castle. By doing so, they can ensure the security of financial and operational data and, above all else, the safety and privacy of their patients’ information, thus allowing the crucial mission of providing care to continue uninterrupted.

Reviewing what data you have housed with third-party vendors is also a good practice. Sharing protected health information (PHI) with a third party is another potential source of a data breach. Ensure you have a current record of what data you have stored across your own and your partners’ systems. This will help you maintain strong and consistent security across your digital ecosystem and serve as a source list of places to draw on in case of data loss.

One of Wixcorp’s client partners was struck with a ransomware attack a few years ago. The medical group lost access to not only their EMR but also all their backups. Fortunately, their interface with the Redde platform stayed secure, and they were able to restore 100% of their billing data from the Redde system within hours of the attack.

It would take weeks before their EMR was fully up and running again. However, during that time, they were able to continue to process patient and digital insurance payments through the Redde platform, ensuring ongoing revenue during an extremely difficult and costly time for the organization.

If you’re looking for assistance or have any questions about how to better secure your financial data and payment processes in the case of a cyberattack, you can contact us at info@wixcorp.com for a free consultation.

References:

  1. https://www.getastra.com/blog/security-audit/healthcare-data-breach-statistics/
  2. https://healthitsecurity.com/news/quantifying-the-financial-impact-of-healthcare-ransomware-attacks
  3. https://www.himss.org/sites/hde/files/media/file/2023/04/17/2022-himss-cybersecurity-survey-x.pdf
