“Patient care has not been compromised.”
That was the official statement from Hollywood’s Presbyterian Medical Center this week after a cyber attack. Yet, doctors have to communicate by fax, patients have to drive to the hospital to pick up test results in person, and nurses are recording patient information manually on paper charts. According to reports, two weeks ago hackers gained access to the Hollywood Presbyterian Medical Center’s servers and encrypted their data, demanding a ransom of $3.6 million in Bitcoin currency to release it.
Healthcare Companies Under Threat
Hollywood’s Presbyterian Medical Center may be the most recent victim, but it’s certainly not alone in being targeted by cybercriminals. In fact, research (1) shows that security breaches among healthcare organizations will continue to grow due to an increase in digitization of medical records and introduction of wearable technologies. Already, over 1.8 million American adults are victims of medical identify theft (2).
Knowing there is a threat and acting to prevent it are two very separate things. It requires more than just presenting data and industry reports. IT managers at healthcare organizations need to play an active role in constantly monitoring, upgrading, and testing data protection systems to ensure the IT environment is never compromised. Plus, data breaches are only one threat in a broad spectrum and in many cases the IT environment is affected by more mundane factors such as a server crash or network outage.
The Mounting Costs of IT Interruption in Healthcare
According to research by MeriTalk and EMC Corporation (3), security breaches, data loss and unplanned outages cost US hospitals more than $1.6B annually. Data center outages alone are cost $8,000 per minute leading to an average cost of $690,000 per outage incident (4). When IT systems are down, healthcare providers can’t just stop working even when information like a patient’s past surgeries, allergies, medications, and family history become difficult to obtain or in some cases completely inaccessible. Unfortunately, the reality is that access to electronic medical records is critical to patient care, and when that access is compromised, patient care is compromised.
Preventing and Mitigating IT Outages and Data Breaches
Bad guys will always try to target computer systems. According to some reports (5), the security industry will reach $170 billion by 2020, yet cyber security solutions alone cannot fully protect businesses from downtime. IT professionals need to have multiple layers of defense, ranging from threat prevention to detection and mitigation.
When a healthcare organization’s access to mission-critical data is compromised — whether by malicious cyber attacks, natural disasters, hardware or software failures — that organization needs assurance that it can quickly restore access and continue operating. Hospitals simply can’t afford to lose immediate access to patient information and business systems. Delayed access to information and a return to manual processes and handwritten paper charts affect patient care (and the cost of that care) is not in the best interests of patients, caregivers, or healthcare providers. While you can’t always prevent a cyber attack, there are affordable business continuity solutions available — like Axcient’s Business Recovery Cloud. Axcient’s technology allows companies to quickly “fail over” and continue operating no matter what circumstance is bringing their primary systems down. That’s simply healthier for everyone: the healthcare organization, the caregivers, and, most important, the patients.
CIOs and administrators at hospitals must understand that they need to go beyond cyber security and seamlessly incorporate disaster recovery and business continuity plans and solutions into their IT infrastructure. They need a multilayered approach to protect both their organizations and the communities they support from the manipulation of cybercriminals.
For examples of how Axcient has helped health care organizations improve IT resiliency and leverage affordable Disaster Recovery-as-a-Service (DRaaS), please visit https://axcient.com/customers/#case-studies
(1) 2015 Second Annual Data Breach Industry Forecast, Experian
(2) 2013 Survey on Medical Identity Theft, Ponemon Institute
(3) MeriTalk Release