It’s no secret that the healthcare industry is a leading target for cyber criminals. 2017 saw an exponential rise in data breaches affecting both healthcare providers and industry partners, with healthcare accounting for 25% of data breaches worldwide in the first half of the year.
Cyber incidents and threats
According to a recent report, hacking and malware are the most common causes of a data breach and, of the total reported malware incidents that affected healthcare organisations worldwide in 2016, 72% were attributed to ransomware. Attacks such as WannaCry and NotPetya can have a devastating operational impact and result in crippling costs. Although some organisations have now prepared themselves to respond appropriately to such threats, cyber criminals are always developing new and more sophisticated tactics.
Cyber criminals are not the only threat to information security in healthcare. Misdelivery of information, disposal error and loss accounted for nearly a third of all data breaches in 2016. This highlights the need for organisations to implement a robust staff training programme that addresses individual responsibility for data security.
Compliance obligations
2018 sees changes to the compliance obligations facing healthcare organisations. The forthcoming General Data Protection Regulation (GDPR) will require healthcare organisations to examine the scope of information that they process and take appropriate measures to comply with the Regulation. The Directive on Security of Network and Information Systems (NIS Directive) also comes into effect in May 2018 and will require operators of essential services, including healthcare providers, to take appropriate measures to secure their network and information systems and minimise the impact of security incidents to ensure service continuity.
Addressing these challenges with a single solution
To address these challenges, healthcare organisations need to ensure they are implementing the correct processes, procedures and systems to prevent and respond to cyber attacks.
IT Governance examines how a robust cyber resilience plan can help healthcare organisations address information security and business continuity, and help to achieve compliance with the GDPR and NIS Directive.
IT Governance offers a wide variety of IT governance, risk management and compliance (IT GRC) solutions, with a special focus on the GDPR, ISO 27001 and cyber security. Since 2003, we have successfully partnered with healthcare providers, research bodies and industry organisations of all sizes to deliver practical solutions to IT GRC concerns. Our dedicated healthcare specialists are available to discuss the common challenges facing healthcare organisations and specific solutions to meet your priorities.
For more information, visit our website or speak to an expert.
