When Healthcare Cyberattacks Become Repeat Business


What’s worse than a healthcare organization getting attacked by a cybercriminal? That same healthcare organization getting attacked for a second time – by the same cybercriminal.

Ranking as the third-highest industry to be retargeted following a cyberattack, healthcare is facing some serious security concerns. Although providers continue to fight the recurring fight, they don’t seem to be showing many signs of winning.

A recent report notes that a third of healthcare organization employees who experienced a ransomware attack said it wasn’t the first time. And there have been at least 200 breaches of more than 500 records reported since January, setting 2019 up to be another record-breaking year for healthcare data breaches.

Surprising? Maybe not when you read articles suggesting that hundreds of servers storing patient X-rays and MRIs for more than 5 million patients in the U.S. lack even basic security protocols like passwords, and are so insecure that anyone with fundamental computer skills and a few lines of code could access them.

Playing Defense Against Cyberattacks

The continuous uptrend and repeat cycle in cyberattacks have led many healthcare organizations to bulk up their security teams. Currently, there are 313,000 open cybersecurity jobs nationwide, according to cyberseek.org. Looking ahead, it’s estimated there will be 3.5 million unfilled cybersecurity positions globally by 2021, according to Cybersecurity Ventures.

But the job of securing PHI doesn’t fall only to the medical organization’s security team. It is critical to ensure that each employee within the organization has sufficient training to prevent breaches. The highest risk within a healthcare practice or enterprise is the unsuspecting employee who makes the wrong fateful click and inadvertently opens the door to the entire operation.

Concurrently, it is important to utilize updated technology and maintain best practices for healthcare networks and software to ensure PHI stays protected.

One of the biggest areas for improvement relates to legacy operating systems that are more prone to cybersecurity vulnerabilities. Of those who participated in the HIMSS2019 Cybersecurity Survey:

  • 69% indicated that they had at least some legacy operating systems in place at their healthcare organizations
  • 83% of those still operate with Legacy Windows Servers (e.g., 2003, 2008, 2012, 2016 and XP)
  • 14% of respondents said over 10% of their systems qualify as a legacy operating system

Couple the outdated operating systems with legacy EHR and ERP applications, and security risks are greatly amplified. Facing ever-increasing cyberattacks, and breaches that could have massive implications for patients, organizations with unprotected legacy systems must find a better way.

It’s time to archive.

Regularly called on to help clients address their long-term EHR and ERP data lifecycle management strategies, Harmony Healthcare IT offers a legacy data archiving solution that consolidates data stores, reduces out-of-production system maintenance costs, mitigates technical risk, and complies with record retention mandates. More importantly, it provides increased security from cyberattacks, protecting both healthcare organizations and patients.

Ready to make the move toward protecting your legacy data from cyber crimes on repeat? Let’s talk.

Oct 10 2019
