Cybercrime is an abstract term which has developed a specific narrative. Most often, cybercrime relates to the pursuits of criminal enterprise. So generally, there is an expectation that an incident or series of incidents are effects from organized criminal activity.
Why is healthcare a target? What makes healthcare vulnerable?
Healthcare is a target because it is a mixture of vulnerability and opportunity. Without either vulnerability, which are weaknesses and flaws, and opportunity the healthcare industry would not be as tempting a target. Criminal enterprise is a business of which the net sum is to turn a profit. Healthcare is vulnerable because medical records allow for criminal enterprise to turn a profit from the expanded effort.
What are the ramifications to being attacked via cybercrime?
Since there are an innumerable amount of ways to be attacked via cybercrime there is no real way to pin down what the exact ramifications would be if a covered entity were targeted for a cyber attack. Ultimately it comes down to a loss of revenue since the covered entity may be rendered unable to service the community as expected.
What is something every health system, hospital and practice could do right now to protect themselves?
Proper employee education and security awareness is essential; moreover, it is the type of control that crosscuts all types of covered entities. Regarding the security posture of a covered entity; workforce members are certainly the most vulnerable link. Consider bringing in a security expert to analyze your current protocols and workflow and train your employees on how to protect your health system, hospital or practice.
What steps should each health system, hospital and practice take to plan for the future?
Covered entities which have a handle on how data flows through critical systems will win the day. For help with this, consider hiring a consultant who can work with the specific needs of your health system. Healthcare is trending towards interoperability and integration, which will have decentralized patient data made available ‘live’ to create a holistic patient picture. Covered entities will be transit nodes for the dissemination of information from multiple sources with differing capabilities.