Combat Internal Tech Breaches That Plague Health Care

It’s the enemy within. More than half of all cyberthreats are self-inflicted, but there are areas physician leaders can target to slow the trend.

Of the 2,216 reported international cybersecurity incidents last year, nearly a quarter (536) were directed at health care organizations.1 Each health care organization spends an average of $12.47 million in cybercrime expenses annually.2

What compounds the problem is that so many health care cyberthreats (56 percent) are self-inflicted — double the global average.1

Here are some areas physician leaders can target:

ACCURACY: 62 percent of health care’s security-related human error stems from email and faxes being sent to incorrect parties. Ensure transmissions are encrypted, then provide training for your staff.

RELATED: Cybersecurity: Are Physician Leaders Ready for Worst-Case Scenario?

ACCESS: Some employees will abuse access to systems and data. Monitor all access to internal health information, supported by training and enforced by corrective action.

DESKS: The office is the most frequent location (36 percent) for theft of assets such as laptops, mobile devices and documents. Encryption helps. So does locking your workspace.

AUTOS: Employee vehicles are the second-most frequent location (32 percent) for theft of those same assets. Don’t leave them in a vehicle.

RELATED: Three Takeaways for Physician Leaders Implementing Health IT Initiatives

SHREDDING: Establish — or follow through with — institutional protocols for physical destruction of all sensitive documents.

Andy Smith is a senior editor with the American Association for Physician Leadership.

REFERENCES

1. Verizon, 2018 Data Breach Investigations Report .

2. Accenture and Ponemon Institute, 2017 Cost of Cyber Crime Study .