News | Cybersecurity | August 20, 2019

New Report Examines Hospital Cybersecurity Challenges in Georgia

Report summarizes cybersecurity challenges faced by CIOs across the state, highlights recommended actions to protect patient data

New Report Examines Hospital Cybersecurity Challenges in Georgia

August 20, 2019 — Healthcare data breaches are currently being reported at a rate of more than one a day, according to a new report from the nonprofit Institute for Healthcare IT (IHIT). And for those who think it can’t happen to them, the odds are not in their favor. Breaches reported between 2009 and 2018 have resulted in the theft or exposure of almost 190 million healthcare records, a number equal to 59 percent of the U.S. population, according to the HIPAA Journal.

A breach can be problematic for large hospitals with the resources and budget to survive a cyberattack, but it can absolutely devastate a smaller facility, and with it, the surrounding community. That thought started keeping Georgia Sen. Bruce Thompson awake at night a few years ago. He was the impetus behind a grassroots initiative that brought together hospital chief information officers (CIOs) statewide to research and discuss the magnitude of the problem along with measures to support cybersecurity. The efforts of Thompson and the hospital CIOs have been summarized in the new IHIT report, titled “The State of Cybersecurity Among Georgia Hospitals.”

“I learned that a fifth of the nation’s rural hospitals are near insolvency and at a high risk of closing, according to a recent Navigant analysis,” Thompson said. “If you want to watch a rural community die, kill its hospital. After Lower Oconee Community Hospital (Glenwood, Ga.) shut down in 2014, other mainstays of the community followed. The bank and the pharmacy shuttered, and the only grocery store in the county closed. On Main Street, building after building closed or fell into disrepair.”

Hospitals have become a popular target among hackers because the electronic healthcare record (EHR) is worth more than any other data on the black market. Medical records could be worth $1,000 each while social security numbers are just 10 cents and credit card numbers are worth 25 cents.

Beginning in October 2017 and continuing through 2019, Georgia hospital CIOs gathered to explore the issues and determine ways they could work together to make a difference. These meetings included hospital CIOs from across the state, with regional working groups pulling together small groups to discuss specific challenges and exchange ideas on ways to solve them.

Among the top issues were: 

  • Preventing phishing attacks; 

  • Maintaining legacy technology that was not built to withstand the sophistication and volume of today’s cybersecurity attackers; 

  • Managing the increasing number of third-party systems that require access to patient health information; 

  • Grappling with the shortage of IT security talent, especially in rural markets; and

  • Overestimating the protection afforded by cybersecurity insurance policies.

The IHIT report summarizes recommendations from the CIOs around two primary initiatives:  establish a healthcare-specific resource center offering Georgia hospitals and healthcare providers access to the most current cybersecurity tools and information; and establish regional online networks for IT Safe Zones where providers can confidentially share threat and incident response insights.

At the heart of the IHIT recommendations is the need to immediately mobilize both executive branch and legislative resources to prepare for the next cyberattack before it sinks a community hospital, and its community.

Calvin Rhodes, the CIO of the State of Georgia, has embraced the IHIT findings and is working with the hospital CIOs to identify ways to offer support. “We saw a real need to extend the cyber academy training developed for state employees to cities and counties in Georgia, and we want to encourage hospital participation as well. Georgia’s new state-of-the-art Cyber Center is serving companies ranging in size from start-ups to the Fortune 500.”

The state is also offering organizations access to a service that provides a seasoned information security officer who will work with an organization one or more days a week with a one-year commitment. “We’re looking to other states for best practices as well,” said Rhodes. “One item that a couple other states often speak to is the benefits of the formation of a volunteer cyber event response task force; in those states it required legislation that provides liability protection for not only the volunteers but also the companies that employ the volunteers.”

For more information: www.instituteforhealthcareit.org

Related Cybersecurity Content

VIDEO: Preventing Medical Imaging Cyberattacks

How to Protect Health Data With Security Testing Automation

FDA and DHS Expand Partnership on Medical Device Cybersecurity

Related Content

AMA survey finds economic, patient-care impact of Change Healthcare cyber-attack ongoing
News | Cybersecurity
Life After Change Cyber-attack: Without Payment for Claims, Physicians Struggle to Keep Practices Afloat

April 10, 2024 — The American Medical Association (AMA) released informal survey findings (PDF) showing the ongoing ...

Home April 10, 2024
Home
In a new letter sent to federal officials on March 12, the American Medical Association (AMA) has presented six relief proposals to support physicians impacted by Change Healthcare hack, and praised the creation of the Change Healthcare/Optum Payment Disruption (CHOPD) Accelerated Payments.
News | Cybersecurity
AMA Presents Relief Proposals to Federal Officials to Support Physicians Impacted by Change Healthcare Hack

March 14, 2024 — The American Medical Association (AMA) has issued a new letter to federal officials in which it praised ...

Home March 14, 2024
Home
An AMA letter sent to Secretary Bacerra outlines ongoing concerns of physicians amidst the cybersecurity incident that has impacted Change Healthcare
News | Cybersecurity
As Cyberattack Jeopardizes Physician Practices, AMA Demands Action

March 6, 2024 — As the cyber-takedown of Change Healthcare has forced medical practices to go without revenue for a ...

Home March 06, 2024
Home
Videos | Cybersecurity
VIDEO: A Look at Cybersecurity and How Healthcare is at Risk

This year at HIMSS, the theme is Health That Connects + Tech That Cares, and cybersecurity is indeed a part of this ...

Home April 21, 2023
Home
The survey reflects the opinions of healthcare cybersecurity professionals that are responsible for either day-to-day operations or oversight of healthcare cybersecurity programs
News | Cybersecurity | By Melinda Taschetta-Millane
2022 HIMSS Healthcare Cybersecurity Survey Report Results Published

April 10, 2023 — The 2022 HIMSS Healthcare Cybersecurity Survey results were recently published. The survey reflects the ...

Home April 10, 2023
Home
New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices
News | Cybersecurity
New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices

August 29, 2019 — Use of the Internet of Things (IoT) is booming, with IHS Markit forecasting there will be 73 billion ...

Home August 29, 2019
Home
According to the National Association of County and City Health Officials, only 33 percent of the organizations plan against cybersecurity threats and initiate patient identity protection protocols.
Feature | Cybersecurity | Maxim Chernyak
How to Protect Health Data With Security Testing Automation

As the National Association of County and City Health Officials state, healthcare breaches remained to be costly and ...

Home May 06, 2019
Home
Videos | Cybersecurity
VIDEO: Preventing Medical Imaging Cyberattacks

Anton S. Becker, M.D., radiology resident at the University Hospital of Zurich, Switzerland, discusses the long-term ...

Home December 12, 2018
Home
FDA and DHS Expand Partnership on Medical Device Cybersecurity
News | Cybersecurity
FDA and DHS Expand Partnership on Medical Device Cybersecurity

October 30. 2018 — The U.S. Food and Drug Administration (FDA) and the U.S. Department of Homeland Security (DHS) will ...

Home October 30, 2018
Home
Medtronic is issuing a software update to address a safety risk caused by cybersecurity vulnerabilities associated with the internet connection between the Carelink 2090 and Carelink Encore 29901 programmers used to download software from the Medtronic software distribution network (SDN) . This update is a voluntary recall correction by the manufacturer to address the safety risk caused by the cybersecurity vulnerability.
Feature | Cybersecurity
FDA Says Medtronic is Updating Cybersecurity Vulnerabilities of its Implantable Cardiac Device Programmers

October 17, 2018 — The U.S. Food and Drug Administration (FDA) has reviewed information about potential cybersecurity ...

Home October 17, 2018
Home
© Copyright Wainscot Media. All Rights Reserved.
Subscribe Now