Healthcare organizations continue to be an attractive target for hackers and other threat actors, as shown by stats from 2023 related to healthcare data breaches. Events in 2023 involved large volumes of data; emphasis on malware, ransomware, and phishing as attack vectors; and exploitation of vendors and suppliers (business associates, in healthcare parlance) to get access to patient data.
Why It Matters
All of us as patients and consumers have a vested interest in making sure that health records and the systems that support delivery of healthcare remain secure. If records are accessed, patient privacy is at risk; if healthcare IT systems are paralyzed, patient care is at risk. Moreover, the healthcare industry presents a target-rich environment: reams of the most sensitive data, including extensive financial information, which has significant market value.
The study covered in the linked report (and many others besides) indicates an ongoing need to train personnel on security hygiene (recognizing phishing, for instance). It also points up the need to vet suppliers to ensure that their security (technological, behavioral, and otherwise) is up to standard. These are principles that are equally valid no matter what industry you're in: upgrade your technology to safeguard data, train employees to play their part, and use a combination of screening/audit and contract-enforcement mechanisms to bring vendors up to par.
Subscribe to Taylor English Insights by topic here.