Written by Rich Murphy, Product Director - iatricSystems
As we put 2020 in the rear-view mirror, the only way to see if we’re making progress is to take a quick glance back. The pandemic made hospitals a large target for malicious cyber threats, and when you look at the data, you’ll see the spikes of data breaches throughout the year.
Kicking off 2021, January saw a 48% month-over-month reduction in the number of data breaches. However, within those 32 incidents, the largest healthcare data breach of all time occurred, affecting 3.5 million individuals. The Florida Healthy Kids Corporation breach included 4,467,098 records, which exceeded December’s total by more than 225,000 records.
Overall, hacking and other IT incidents continue to be the root cause of most healthcare data breaches. There were 20 hacking-related incidents reported in January alone, which accounted for 62.5% of the month’s breaches. Nearly 4.5 million individuals had their PHI compromised or exposed, with the average breach size being 220,688 records per breach.
The reality is that while the number of incidents is going down, the impact of even just one breach can impact hundreds, thousands, and even millions of people.
With so much at stake, the nonprofit Center for Internet Security (CIS) announced that it had launched a no-cost ransomware protection service for private hospitals in the United States.
The Malicious Domain Blocking and Reporting (MDBR) service is funded by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and was initially aimed to improve the overall cybersecurity posture of government organizations. Since its inception, CIS reports the MDBR service has blocked more than 748 million requests for known and suspected malicious web domains in the government sector.
Today, CIS and Akamai are now offering the service to independent hospitals, multi-hospital systems, hospital-based integrated health systems, post-acute patient care facilities, and specialty hospitals.
While MDBR is better than having nothing at all, the service is only a tiny piece of what should be a hospital organization’s full cybersecurity strategy. Much like a DNS Firewall, MDBR only blocks and filters some threats based on known bad URLs, IPs, and malicious websites. You likely already have something like this in place today.
Cybercriminals are becoming more sophisticated every day and know how to work around firewalls. When you think about cybersecurity, imagine your network being at the center of your fort. To protect it, you wouldn’t have all your knights stand at the castle door just waiting to be attacked. You’d want to protect it from all angles, create obstacles, and keep an eye out for the enemy before they come knocking.
In that case, would you really feel safe if all you had was a DNS firewall blocking known threats from the past?
A true cybersecurity strategy protects against the known and the unknown. Covalence is a plug-and-play solution managed by a team of experts who monitors your networks 24/7, looking for anomalies to send curated alerts to your IT team, so you know when to jump into action and proactively prevent threats. Want to learn more? Request a meeting to talk with one of our security experts.