by David Hood

Director, Technology Marketing, Mimecast

Posted Oct 13, 2017

HELPING HEALTHCARE PROVIDERS UNDER CYBER ATTACK

The healthcare industry is under cyber attack. It is the victim of high-profile ransomware attacks - in some cases, such as the recent WannaCry outbreak, entire hospital operations have been shut down. And some of the largest breaches on record have targeted health insurers and patient care facilities. This is no surprise when the value of protected health information (PHI) on the black market is at least 10X higher than credit card data. Customers like Methodist Le Bonheur Healthcare have turned to Mimecast as the number of phishing and malware links coming in via email has increased. Given the number of breaches we see posted every month on the HHS website, it’s clear that just training employees isn’t enough.

At the center of this crisis are healthcare providers. You are providing critical care; you are the custodians of highly sensitive patient data (because it's impossible to imagine a scenario where highly skilled medical staff wouldn’t have access to personal and medical details); and you are handling the post-care activities, from the post-op follow-up to billing.

It is no wonder, then, that healthcare is the only industry where employees are the predominant threat of a breach - from both well-meaning employees and malicious insiders.

HIPAA security standards specify the necessary steps a healthcare organization must take to protect PHI. But busy staff members are bound to make mistakes. With the ubiquity of email, it’s not uncommon to see breach examples of an employee accidentally attaching a spreadsheet or document containing PHI.

Unfortunately, it’s also not difficult to find examples of employees abusing their access to PHI and systems. At the end of July, it was widely reported that an employee of the services firm LaunchPoint may have exposed PHI of more than 18,000 patients by sending a file with patient data to a personal email address.

To prevent brand damage, fines, and audits, healthcare organizations must actively seek to identify and prevent PHI from leaving the organization without the proper encryption and safeguards in place. This is just as essential as securing PHI against external attackers. However, both can be an impossible task without the right technology. Even the savviest of healthcare providers don’t have time to assess the risk of every email they receive and every link and attachment they click on, or to verify and encrypt everything they send, or to spend countless hours in training.

That is why, as an evangelist for the healthcare practice at Mimecast, we are working with leading healthcare organizations to help build on the vision for cyber resiliency, so that you, the healthcare providers, can focus on the critical care we rely on.
