BLOGS
EASY SUBSCRIBE


Patient Privacy

Interoperability and EHR Optimization

Report Writing

The Consequences of Not Doing Enough About Cybersecurity

Written by Guy McAllister, Director, Privacy & Security - iatricSystems | @

SecureRamp Cybersecurity Blog Post June 2019

I grew up being told “there are consequences to your actions young man!” Sometimes those consequences I faced were small and moved past me without much fanfare, while others seemed to knock me down. Often, these consequences came from wrong choices, and at times they came when I made the right choice but didn’t put my heart into it and do enough. One thing I can attest to is those consequences, great or small, helped make me a better person today.

In recent days several cybersecurity related consequences have made state and national headlines. Here are just a couple examples.

  • Two Florida cities had their computer systems infected with ransomware, crippling them.
    • Both cities opted to pay the ransom to receive the key to decrypt their files. Between the two cities, the total ransom was over 1 million dollars paid out through insurance policies for both cities!
    • One can’t help but wonder what the long-term consequences are to funding cybercriminals? One also wonders what security measures these cities have put in place to better protect them in the future?
  • AMCA’s recent bankruptcy filing. AMCA is the third-party collection agency that exposed over 20 million patient records from Quest Diagnostics, LabCorp and BioReference.
    • In the filing AMCA claimed in a healthcareinfosecurity.com article that “the breach not only caused AMCA's largest clients to end their business relationships with the Elmsford, New York-based debt collection agency, but has also resulted in "enormous expenses that were beyond the ability of [the company] to bear," Russell Fuchs, RMCB's owner and CEO, says in court documents.” A 42-year-old company will no longer exist because its web portal was hacked and exposed.

I share these examples, not to judge these entities, but to encourage everyone to ask themselves if they are doing everything they can to avoid and protect against a breach.

Consequences are real, and in both situations, as with many of the daily breaches that happen, the outcomes could have likely been avoided with more planning around security.

Every healthcare system takes its mission seriously, as do the Florida cities and AMCA; however, cybersecurity must be on everyone’s radar from the top leadership down to the employee who monitors a web server or opens a suspicious email.

And it’s ever evolving. Just because you’ve put measures in place one day, does not mean that you can rest and not continue to do more to protect yourself against new potential breaches.

Let’s hope that the ultimate outcomes from these breach consequences strengthen our resolve to better protect data and stop the criminal activity of illegally accessing systems and stealing data. Maybe one outcome is that we do a better job of locking down the access to that data.

If you would like to learn more, then join us for an informative webinar on July 11th at 2pm ET, “Tips for Winning the War on Cybersecurity” where Tony Scott, Founder/CEO of Technical Financial Services will share the healthcare breach risk areas of greatest concern, and you will also learn tips for how you can lower your risk for a breach.

 



 

Topics: cybersecurity, protect PHI, secure remote access, remote network access, network security

Subscribe to the Privacy and Security blog.

Receive the latest articles directly in your inbox.
Enter your email address and click SUBSCRIBE:

Comments

0 COMMENTS