Across a health system’s digital terrain, the most vulnerable assets are connected medical devices. If those devices become compromised, the infiltration could impact a patient’s privacy, health and safety. Moreover, it could shut down care delivery for days, weeks or longer, with long-lasting financial and reputational impacts. According to Deloitte, an estimated 70% of medical devices will be connected by 2023.

The lack of healthcare cybersecurity is one of the most significant threats to the sanctity of the global healthcare industry. This is made evident by the fact that in 2020 more than 18 million patient records were affected by successful cyber-attacks on the U.S. healthcare system. Health professionals should not take this issue lightly, as financial assets and intellectual property are at risk.

ePHI stands for electronic protected health information. Electronic protected health information is protected under the Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA. ePHI security is governed by the HIPAA Security Rule. With the rise of telehealth, covered entities need to understand the requirements for safely transmitting, storing, and using ePHI to be compliant with the Security Rule and to protect a patient’s privacy.

Across a health system’s digital terrain, the most vulnerable assets are connected medical devices. If those devices become compromised, the infiltration could impact a patient’s privacy, health and safety. Moreover, it could shut down care delivery for days, weeks or longer, with long-lasting financial and reputational impacts. According to Deloitte, an estimated 70% of medical devices will be connected by 2023.

Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has two key provisions: the Privacy Rule and the HIPAA Security Rule. The Privacy Rule establishes standards for protecting certain health information, or PHI. The Privacy Rule requires those organizations that are governed by HIPAA (covered entities) to implement safeguards to protect the privacy of PHI, and gives individuals the right to access and share their health records.

The wealth of sensitive personal and financial data managed by hospitals and health systems, coupled with known cybersecurity vulnerabilities, makes the healthcare sector an inviting target for cyberattacks. In the last three years, 93% of healthcare organizations have experienced a data breach, and 57% have had more than five breaches.

While the COVID-19 pandemic brought much of the world to work together to advance medical research and slow the spread of the disease, it may be of little surprise that cyber threat actors took advantage of the pandemic for their own personal gain. While all industries can be affected by a cybersecurity incident, the nature of the health and human services industry’s mission poses unique challenges.

Over the last two years, the healthcare sector has been the number 1 target for hackers who have attempted to attack health centers or even the health department of an entire country. The industry faces threats such as ransomware that blocks the whole healthcare system, deceptive techniques such as phishing, or breaches of sensitive data.