Assessing your organization’s cybersecurity risk: 5 key areas for senior living operators
Guest Columns, October 11, 2021
Cyberattacks are a nightmare scenario for businesses of all types. For senior living providers with protected health data, cyber-breaches create heightened risk.
And although corporate boards and leadership teams are paying more attention to cybersecurity, they still may not understand just how at risk they are. Start with these questions:
- What would it cost your company to lose access to data or key business operations, such as electronic medical records and billing systems, for even one day?
- Do you know the top cybersecurity risks at your organization and have a plan in place to address them?
- Do you have data security policies and processes that are clearly communicated to staff — and if not, do you know the associated liability?
- Do you have a disaster recovery data center to keep critical operations running?
Today, the cost of cybercrime is in the billions of dollars, and healthcare data breaches jumped more than 50% in 2020, according to CPO Magazine. Hacking and IT security issues accounted for 70% of those breaches — and it took the average business 236 days to recover from one, according to a Bitglass report.
Addressing cybersecurity risks
So what can your company do to protect itself from cyberattacks?
If you don’t have in-house cybersecurity expertise, which is not feasible for many organizations, then seek a managed services provider (MSP) that does. Cybersecurity experts are highly skilled individuals who monitor, detect, investigate, analyze and respond to security events. They should work in concert with the MSP’s chief security officer, who has helped you determine your risk profile and the cost to improve it, make intelligent financial decisions about how to address it, and build a more robust and safer IT infrastructure.
The five areas important to senior living providers:
- Protected health information and identity management
- Legacy systems
- Policies for data security
- Disaster planning for business continuity
- Network security
1. Protected health information
The top causes of data breaches, according to the Healthcare Information and Management Systems Society:
- Phishing attacks (57%)
- Credential harvesting (21%)
- Malware/ransomware (20%)
- Social engineering attacks (20%)
In a phishing attack, an employee receives an email appearing to come from a vendor or high-level executive within the organization. The message asks the employee to click on a link or transfer key account or employee information. Unwittingly, the employee has provided access for a ransomware attack on your network or abetted identity theft. Sharing this news with affected employees, along with the cost of addressing the identity theft, creates long-lasting financial and organizational trust issues.
Those scenarios are all too common. Despite ongoing education, protected health information breaches continue to occur through phishing in the form of malicious and increasingly sophisticated email scams.
In a typical…