The Workgroup for Electronic Data Interchange (WEDI) released a healthcare cybersecurity primer designed to help healthcare organizations better defend themselves against cyber attacks.
The Perspectives on Cybersecurity in Healthcare report highlights healthcare cybersecurity areas that organizations must handle on a regular basis, and discusses challenges that can arise in those areas, according to a WEDI release. Healthcare cybersecurity could benefit from a “culture of prevention,” the primer explained.
“The frequency, scope and sophistication of cyberattacks are growing at a worrisome rate in healthcare,” WEDI President and CEO Devin Jopp, Ed.D, said in a statement. “Between 2010 and 2014, approximately 37 million healthcare records were compromised in data breaches. But in the first four months of 2015 alone, more than 99 million healthcare records have already been exposed through 93 separate attacks. The risk of cyberattacks is no longer limited to the IT desk – it is a key business issue that must be addressed by executive leadership teams in order to build that ‘culture of prevention.’”
The healthcare cybersecurity primer covers the following areas:
- The Lifecycle of Cyberattacks and Defense
- The Anatomy of an Attack
- Building a Culture of Prevention
Building a strong culture of prevention is essential for a healthcare organization, according to the report. For example, entities need to address how to prepare for and monitor attacks, and also how to properly respond to and recover from breaches. Moreover, “security architecture should be able to stall adversarial efforts, thwart attacks at each phase and facilitate a rapid response.”
“By overlaying these with counter-responses to the tactics, techniques and procedures that a threat adversary may employ, Chief Security Officers can develop a robust defensive infrastructure,” the report stated.
It is also important to remember that several cybersecurity frameworks have been created to guide healthcare organizations in creating and implementing the necessary defenses. The National Institute of Standards and Technology (NIST) framework, the International Organization for Standardization (ISO) framework and the Control Objectives for Information and related Technology (COBIT) framework are all good options to help healthcare organizations with their cybersecurity measures.
“No healthcare organization can be completely immune from cyber attacks and adversaries,” the report explained. “However, they can take appropriate measures to erect defenses and integrate cybersecurity into the business environment and culture.”
This is the most recent push that WEDI has made to encourage stronger healthcare data security measures. Earlier this year, WEDI conducted a survey to show how healthcare stakeholders view interoperability and how they are working toward achieving that goal.
Survey results showed that internal data encryption and at-rest data encryption are two areas where healthcare facilities could improve. Moreover, 49 percent of respondents said that data is encrypted when in transit externally, while 35 percent stated that it was encrypted for internal in-transit use. Just 36 percent reported using data encryption when information is at rest.
“Security concerns are reported to deter organizations from electronically exchanging data externally with non‐affiliated organizations, but generally do not deter stakeholders from internally exchanging data,” WEDI said.