In my tenure as a technical writer, I have worked on a number of contract gigs, which gave me wide exposure to many kinds of industries. I worked at a plastics company, Blue Cross Blue Shield of IL, and Northern Trust Bank. I would say that it was probably the last two that gave me the best experience, especially BCBS.
During my time there I was tasked to compose the end user documentation as well as the administrative guides on some encryption software that they received from both IBM and Computer Associates. Also, I had come to learn just how vulnerable the United States healthcare system is to large-scale Cyber attacks. For example, even when I was there, they were hit with a security breach in which a certain number of usernames and passwords were stolen.
Funny thing is, the company was still adamant about implementing a Single Sign On Solution in which the same username/password combination could be used to access the different portals on their website.
To further illustrate this, when the WannaCry ransomware attack occurred, more than 500,000 computers worldwide were infected, and the Cyber attackers wanted payments anywhere in the range from $300-$600. Because of the magnitude of this unprecedented attack, the majority of healthcare professionals had to use the traditional paper and pen approach in order to update patient files and records.
Worse yet, here in the United States, patients even had to be turned away and even some lifesaving surgeries had to be cancelled. This only drives home the point that a Cyber attack does not just impact an IT infrastructure; rather, it also has severe repercussions for other related entities as well, which are mostly the innocent victims.
Now, the demand by Cyberattackers for ransom payment has escalated up to well over $1,100.00. According to a recent study by PhishMe, 91% of all Cyberattacks in the healthcare industry start when an employee or doctor responds to a Phishing E-Mail. In fact, the FBI even estimates that this costs the healthcare industry a staggering $3.1 Billion per year. *OUCH* is to say the very least in these circumstances.
But as I have written before, technology can only do so much to help prevent both ransomware and Phishing based E-Mail attacks. It also takes a proactive mindset not only by the leaders and management in the healthcare industry, but all of the employees as well. This will involve having security based training sessions at least once a quarter, and making sure that the entire IT infrastructure is up to snuff with the mandates of HIPAA.
But it is interesting to point out here, although each and every industry is prone to a major Cyber attack, why is it that the healthcare industry is so picked upon? Well, “ . . . it is rich in personally-identifiable information… and the results of a successful attack can be dire – including risk to patient care . . . ” (SOURCE: https://www.securitymagazine.com/articles/88860-dont-let-cyber-attacks-hold-your-patients-hostage).
Even according to PhishMe, Cyber attacks on the healthcare industry have risen by a whopping 400% since 2016. Studies by this organization have even shown that even after just one security training seminar, employees opening up Phishing based E-Mails dropped by almost 20%. So isn’t it worth it to have these kinds of educational venues?
They are not expensive (unless you hire an outside trainer to teach these classes), and they pale in comparison to the costs of deploying and implementing new security technologies (such as firewalls, network intrusion devices, routers, etc.).
Remember, in the end, “ . . . proactive education across the healthcare ecosystem . . . can prevent compromised private patient information, prevent monetary losses, and ultimately, spare organizational delays in delivering care.” (SOURCE: https://www.securitymagazine.com/articles/88860-dont-let-cyber-attacks-hold-your-patients-hostage).