No company is immune to a data breach. These days, no matter what industry a company falls under, there is always the risk of something happening. If companies aren’t taking the proper measures to manage their networks, a data breach can really set a company back, if not take it off the market completely. Because of this, more and more companies have realized the importance of investing in an outsourced CIO to help prevent problems from occurring. Why is it, then, that we are seeing continuous data breaches in the healthcare industry, and why are the problems not being solved?
Well, it’s not so simple, and there may be several reasons as to why the healthcare industry is experiencing more data breaches than ever before.
In order to really understand how data breaches are impacting the healthcare industry, one would need to look at the actual numbers. According to the annual HIMSS Cybersecurity Survey, 75% of the 239 healthcare respondents surveyed reported that their organization experienced a “significant security incident in the past 12 months.” What’s interesting is that 96% of those respondents said that their organizations were able to identify the threat actor. But, as more than half of these respondents reported that their organization has a clearly defined budget allocated to cybersecurity and is seemingly on top of its network, it makes people wonder why these data breaches are continuing to happen at such high rates.
Despite the fact that HIPAA laws are in place to protect patients and healthcare employees, it’s been proven that there’s only so much that can be done in order to protect hospitals and doctors’ offices against data breaches. Hackers may have certain inclinations in mind when it comes to installing ransomware or malware on a medical facility’s network, and you can’t really blame them. Because a patient’s data is so sensitive, and because almost all records are now kept digitally, these hackers have a lot of leverage when it comes to getting what they want. If hospitals don’t have a way of backing up this information, or they are afraid of it getting into the wrong hands (one of the biggest concerns), they will certainly feel the pressure to pay up.
Of course, as we know, it’s not only hackers that are to blame for data breaches. According to this HIMSS Cybersecurity Survey, 20% of the respondents said the attack came from a negligent insider.
So, what’s the deal? If healthcare industries know that they are a target, and they know that healthcare data breaches are one of the main threats we are seeing today among relevant industries, then what’s going wrong? Why can’t something change in order to put a stop to all of this?
Well, according to HealthIT Security, the problem is that there isn’t a standard cybersecurity framework that’s being utilized across the board. When these healthcare industries aren’t on the same page regarding this issue, then it makes sense that more breaches continue to occur.
Unfortunately, just talking about what needs to be done isn’t going to help the thousands of healthcare facilities that are experiencing data breaches this year or even this month, especially when many hospitals, insurance companies, and doctors’ offices are still each using their own software and computer systems.
At this moment, healthcare companies should be doing everything in their power to keep their own network secure. While one way to do this is, of course, by implementing a solid network management plan, the absolute best way to go about this is through hiring an outsourced CIO. This will not only help to prevent data breaches coming from the outside, but it can also help stop data breaches that happen internally. Additionally, a CIO can help implement a reliable backup and disaster recovery system to protect the patients’ information as well as protect the medical facility from risk.
When it comes to managing a company’s network, data issues, or IT concerns, there are a lot of people that work together to make sure everything runs smoothly. One task may finally be complete only after various members from different departments come together. People from HR, IT, as well as C-level leaders may all be assigned various roles in order to implement security standards, backup protocol, or onboard contractors.
But, despite the fact that security and network maintenance are a team effort, who has the ultimate say in what goes on? Who is in charge – the one running the show to make sure everyone else does their job? There’s a lot of conversation surrounding this idea that IT shouldn’t be situated in a hierarchy model. However, others disagree and believe that in order for things to really go well, someone needs to take the lead.
The best option?
Let’s find out.
Human resources hires a CIO. A CIO then advises the IT team on what needs to be done in order to create a disaster recovery program or help mitigate security risks. IT understands the task at hand and works with the administration on devising a new budget regarding the systems they’ll need to implement. HR then tells IT that new, outside contractors are being hired, and therefore, those security protocols are absolutely necessary and need to be implemented sooner rather than later. But, the CIO and other C-level leaders can’t seem to be convinced about whether or not the budget has room for what the others are proposing.
Does something like this sound familiar?
According to a study conducted by Nintex titled the Definitive Guide to America’s Most Broken Processes, it was found that 62% of respondents said their company has broken processes when it comes to IT. While it might seem like the office has a system to cope with all these roles, responsibilities, and requests, it can be a bit convoluted. And, especially when each role is so different, it’s difficult to determine who should really be answering to whom. Does IT work under HR when they can control HR’s access to the system? Then, does the CHRO answer to the CIO, or does the CIO answer to the CHRO depending on the situation? Experts believe these roles should be interchangeable in order to avoid conflict and miscommunication in business.
But, that still leaves the role of “leader” unfulfilled, which can be hard when a company’s decision on an important matter cannot be agreed upon. Someone, eventually, must have the final say.
Let’s say the whole “teamwork” thing is working well for everyone involved. Then, one day, a data breach occurs, or the network shuts down. One of the biggest causes of something like this, specifically the data breach, is human error. If this happens, the blame needs to be put somewhere, even if the company leaders will still need to take responsibility for the entire breach.
Going with the idea that “two heads are better than one”, there are certainly a lot of things a team can accomplish versus a single person when it comes to mitigating risks across the company. That being said, there is also an equal number of things that can go wrong – more things that aren’t being handled appropriately, or miscommunications that can occur – when there isn’t a hierarchy in place to check for errors internally.
Many companies still hire in-house CIOs, which may be good for the moment, but may not make a difference if there’s a crisis. In any situation where it’s difficult to determine who is in charge, it’s necessary that companies consider hiring an outsourced CIO to make appropriate calls in the best interest of the company, and without employees being personally invested in what’s going on.
An outsourced CIO can easily determine what’s at risk for the company and can clear those risks up through a process in which everyone works together – a process in which the CIO oversees everything and assigns roles to those who can handle them. They can check for consistent gaps in the system, make sure employees are given the appropriate access to the network based on their position at the company, and work with other C-level leaders to determine whether or not things like a BYOD policy are safe for everyone involved.
Remember, an outsourced CIO doesn’t have any emotional investment in the company. They are completely unbiased and can, therefore, make decisions that other team members may not be in a position to make themselves or don’t feel comfortable making. While it’s understandable that working as a team can be effective, there are times when something just calls for a professional leader’s decision on the matter.
So, for those that say that there shouldn’t be a hierarchy in IT, maybe they should reconsider before jumping to any conclusions.