If you are like most of the healthcare industry, the answer is “yes” according to a recent study by the United States Department of Health and Human Services. The department’s Health Care Industry Cybersecurity Task Force report, a result of the work of 21 cybersecurity experts, was issued in late spring and found that this most private of information is at significant risk of being compromised by malware or cyber hacking. “HHS task force says healthcare cybersecurity in ‘critical condition’,” according to Jessica Davis from Healthcare IT News.
The task force reported that the health care industry was breached by cyberattacks more often than any other industry in 2015. Combined with the increase in ransomware attacks the following year, the report found that sensitive patient information is at high risk of attack. The report listed several contributing factors. These include the idea among smaller entities that they are relatively safe from these attacks, because attackers target larger health care providers. This has proven false. Because the health care industry is so interconnected and interdependent, the industry’s cyber safety is only as “secure as the weakest link.” Id. Basically, if the would-be attacker can gain access to anyone within the system, it can probably access all who do business within that system. Furthermore, the report found that due to staffing shortages, three-fourths of hospitals do not have anyone dedicated to these security issues.