The healthcare industry has long been a target for hackers, but it has seen a steep increase in the number of cyberattacks over the last two years. In 1Q17, there were 22 recorded breaches in the US before this figure soared to a high of 99 in 2Q18, according to the US Department of Health and Human Services' breach portal. The number of individuals impacted has also risen alarmingly, with more than 2.5 million patient records exposed from April 1–June 30, 2018 and more than 2.9 million records through the first two months of the third quarter.
And email was the top source of data breaches in the healthcare industry in 2018, according to the same report.
To discuss the importance and best methods of tackling cyberattacks in the healthcare sector, DATAx sat down with Idan Udi Edry, CEO of Trustifi, a software-as-a-service company offering a patented postmarked email system that encrypts and tracks emails.
"Even though regulatory laws like HIPAA have been around for more than 20 years, the sophistication and frequency in which cybercriminals attack personally identifiable information (PII) in emails today means that business are being a lot more proactive, because it's costing real money now," begins Edry. "When an average of 269 billion email messages are sent a day and email encryption services like Trustifi making encrypting emails so simple it just doesn't make sense to hold out any longer. Business email compromise (BEC) attacks, phishing schemes, data breaches and a firms' loss of reputation hurts the bottom line and the obvious cost-savings of encryption just makes prudent financial sense."
He adds that, in the past, the threat of financial penalties was not as big a concern for businesses, but that with the growing global focus on the security of data, fines against companies who are found to be negligent have become a substantial fear. GDPR regulations, for example, come with fines up to €20m ($22.6m), or 4% of a company's global annual turnover of the previous financial year – whichever is higher.
With the WannaCry cyberattack of May 2017 – which cost the UK's National Health Service an eye-watering £92m – still fresh in every health provider's mind, we ask Edry exactly what makes them so vulnerable to cyberattack.
"Healthcare providers handle the data of hundreds of thousands of confidential client information such as protected health information (PHI), social security numbers, credit cards, addresses and more," explains Edry. "This makes the entire healthcare sector the number two target for cyberattacks, right after cyberattacks on local, state and federal government."
It is not just the bevy of information healthcare providers hold that makes them such a popular target for cyberattacks. Healthcare is also an industry that has been historically slow to digitize, and "with outdated cybersecurity measures in place, hospitals are incredibly vulnerable", according to Edry.
Trustifi is one of a number of services that are attempting to address the innovation gap in healthcare to help protect vulnerable data.
"By using Trustifi, healthcare providers can ensure that even the most dedicated hackers are unable to intercept any private documents or conversations within an email," outlines Edry. "Email security is the biggest form of cyber risk, but as the first federally-accepted method of sending legal documents online, Trustifi software guarantees healthcare providers the safety of tracking their emails.
"Encrypting emails will assure healthcare providers that only the correct recipient will be allowed access to the information and will also inform them when and where this email was accessed," he continues. "Trustifi also has sophisticated algorithms monitoring email messages as they are being composed and will automatically encrypt triggered outgoing emails before they are sent, when confidential infor
mation is detected, even when the sender forgets to encrypt the email."
With the data breaches and cyberattacks that put 2018 in the history books as the year of data crisis, what trends will we see in 2019 in cybersecurity?
"Identity theft and ransomware attacks are predicted to worsen immensely in the next year, along with more sophisticated forms of malware and phishing attacks through email," Edry says. "And with the increase in cyberattacks, skilled cybersecurity workers and extensive cyber protection platforms will be in high demand this year."
It is key that every organization, big or small, knows how to protect itself and the data it stores. So, to conclude, Edry gives us his best tip for how companies can make sure they are protected over the coming years. Fortunately, it is a very simple one.
"Educate your entire organization on data security," he says. "It's incredibly important for everyone to understand cyber risks and how to ensure their online presence is always secure. Hackers only gain entry to your system through weaknesses, and it's essential the best practices for opening and sending emails are always implemented."