70% of healthcare cyberattacks result in delayed patient care, report finds

Last year, 92% of all healthcare organizations (systems, hospitals and provider groups) were targeted by a cyberattack, according to a new report from vendor Fortified Health Security. Further, 70% of those that reported an incident said patient care was impacted in some way, signaling that even an unsuccessful data breach can result in negative outcomes.

To better understand the landscape, Fortified deployed criteria laid out in the NIST Cybersecurity Framework, a voluntary set of guidelines designed to help healthcare entities protect their networks and data, to see how many groups are adhering to the recommendations.

According to the analysis, while healthcare organizations have made strides in improving their response plans and conducting regular risk assessments to measure their defenses, other areas need improvement, but legacy technology may be standing in the way.

"While cybersecurity investments are gaining more executive-level attention in the budget, funding often favors new technology over maintaining legacy systems. As a result, many organizations are left cobbling together outdated platforms on aging hardware. Some now recognize that decommissioning obsolete systems may be safer than trying to keep them running," Fortified wrote in the report.

However, maintenance issues related to legacy systems, while complicated, ranked third on the company's list of vulnerabilities. According to its experts, the lack of risk management strategies at healthcare organizations is leading to cyberattacks, including failure to monitor the supply chain and adequately train staff to identify potential threats.

The NIST Cybersecurity Framework outlines an approach to risk management, which organizations can follow to maximize network integrity. However, many are still not following it, opting to develop their own security standards.

The lack of a uniform standard for how much risk should be tolerated means that some organizations remain more vulnerable than others. Fortified said many of its clients claim it's unclear who is responsible for developing and maintaining risk thresholds.

"Most organizations still lack a defined, unified approach to risk management. Risk tolerances wildly vary, and because of that, responsibility for managing that risk is often unclear," the company stated.

As a bright spot, Fortified added that an increasing number of healthcare organizations are using risk insights to reject vendors with poor scores, meaning that purchasing decisions are prioritizing security even if firm policies are not in place.

The company emphasized the need for healthcare organizations to inventory everything, including analyzing which hospital technologies contain sensitive data valuable to criminals and identifying devices or systems that could be compromised to access broader networks.

"Without a complete and up-to-date inventory, organizations lack a clear understanding of what they protect, making effective risk management nearly impossible. In many cases, producing current-state inventories cannot be done easily, particularly when clinical assets are tracked separately by BioMed teams," the company wrote.

Zooming in on employee training, Fortified lamented that it's often still limited to annual refreshers or new hire orientation, as opposed to being an ongoing process where staff monitor for threats and consider how the simplest error can lead to a data breach every day.

Fortified said phishing simulations help, but those and similar efforts should not be seen as a replacement for cultural change. It emphasized that the goal of any training and subsequent simulations is to build habits that support a vigilant security posture. In short, the company contends that educating staff is just as important as upgrading infrastructure.

"Cybersecurity must become part of the organizational DNA, and many companies have not yet accomplished that. You can encourage active engagement by rewarding and/or recognizing engaged employees and sharing real-world stories," the company wrote.

The full report is available here.

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.