
Although most healthcare organizations are strengthening their cybersecurity efforts, serious vulnerabilities still persist, according to research released this week by Fortified Health Security, a healthcare cybersecurity vendor.
Healthcare providers have made significant strides over the past five years, especially when it comes to governance, response planning and risk assessments, pointed out Fortified CEO Dan Dodson. This progress was spurred by major data breaches and increased regulatory attention, which have pushed boards and executives to take cybersecurity more seriously, he said.
“They realize they must truly be prepared for the worst and have a response plan integrated into their business continuity plans,” Dodson stated. “However, with this progress, it is also important to acknowledge that our adversaries are continually evolving their attack methods; therefore, we must continue to advance our cybersecurity initiatives.”
For instance, most providers have beefed up their efforts related to cybersecurity risk analysis, but that’s not enough — they need to make sure they act on what they find in those assessments, he noted. In other words, it needs to be more than just a check-the-box exercise.
In most cases, providers’ security gaps exist because they invested in advanced tools before they became confident in the basics like patching, password policies and access controls, Dodson added.
Overall, he thinks three main cybersecurity challenges stand out for healthcare providers.
The first is AI. Providers are eager to adopt AI tools, but they often lack clear governance frameworks to effectively manage this technology and its data exposure risks, Dodson said.

“At the same time, the bad guys are already using AI to alter their attacks on healthcare,” he remarked.
Third-party risk management is also a key area on which providers need to focus, as they typically rely on hundreds of service and technology providers.
This network of partners is essential, but it also creates a lot of risks. A weakness in one vendor’s system can compromise an entire health system, and providers are still figuring out how to mitigate this threat, Dodson declared.
The last ongoing cybersecurity challenge for providers is simply a lack of adequate funds.
“Some healthcare providers understand the cybersecurity fundamentals but still struggle to get the appropriate budget to manage this risk effectively,” Dodson explained. “Cybersecurity competes with many other priorities, and some organizations, especially smaller or rural providers, are forced to make complex tradeoffs. That leaves them more exposed, even when they have the right intentions.”
Moving forward, Dodson said the industry doesn’t have time to wait for regulatory clarity. In his eyes, progress doesn’t happen by playing it safe.
He noted that the most resilient organizations are those that decisively pick a cybersecurity framework, like HITRUST or NIST, and quickly begin executing it.
“Stop waiting, because there will never be a perfect moment or situation to start. It has to start now,” Dodson stated.