As Data Breach Costs Soar, Healthcare Organizations Must Double Down on these Security Non-Negotiables

Published by Healthcare IT Today and other sources, 2024-08-30 22:07


The following is a guest article by Dylan Border, Director of Cybersecurity at Hyland

Healthcare continues to be the most costly industry for data breaches, a distinction the sector has held for 14 consecutive years.

To be fair, the average cost of a healthcare data breach has fallen by roughly 11% since 2023, according to IBM’s latest Cost of a Data Breach report. But even so, the average price tag for a data breach in the healthcare industry sits at a staggering $9.8 million. That’s $3.7 million higher than the average fallout of a data breach in the financial industry, the sector with the next most costly breaches.

The frequency of attacks is equally alarming. In 2023, an average of 364,571 healthcare records were leaked every day in the U.S. In fact, one Hyland client reports their systems are attacked 1,500 times each hour. (Thankfully, their deep defenses have prevented the attackers from being successful.)

After more than a decade of astronomical payouts and ceaseless attacks, why are many healthcare organizations still struggling to lock down their systems? Healthcare’s unique combination of sensitive data, vulnerability to disruption, and overreliance on legacy infrastructure makes it an attractive target for hackers.

And the hefty ransom payouts they’re able to demand keep them coming back for more.

To break the cycle, healthcare organizations need an updated approach to vulnerability management and IT security hygiene that emphasizes proactive measures.

3 Non-Negotiables for Healthcare Information Management and Cybersecurity

Maintaining your cybersecurity posture is a 24/7 job. Threats will continue to evolve, and staying ahead of them requires constant vigilance and adaptation. However, you and your IT and cybersecurity teams will sleep better at night with these essentials in place.

Robust Vulnerability Management

Vulnerability management is an area where many healthcare organizations have room to improve. A comprehensive approach involves continuous identification, evaluation, and remediation of security vulnerabilities within your systems. Regular scanning and monitoring are essential to uncover and address potential security gaps before they can be exploited.

You’ll also want to keep encrypted backups of your most essential systems stored offline. These backups should be regularly tested to verify their integrity and reliability, ensuring you can recover quickly if an attack occurs.

Comprehensive Access Management

Effective access management makes it far more difficult for bad actors to gain unauthorized access to sensitive information. Your access control strategy should include implementing strict controls that limit administrative rights to critical data and systems — the fewer people who have access to this information, the fewer entry points attackers can exploit.

This approach, paired with access security features like multi-factor authentication and regular user education, significantly reduces both internal and external threats while simultaneously supporting data privacy and compliance goals.

Vendor Security Scrutiny

Partnering with third-party vendors is necessary to expand your tech stack and upgrade legacy IT infrastructure. However, it’s essential to evaluate a vendor’s security practices before you work with them. To make an informed decision, ask questions about their software development lifecycle, patching process, and ability to support you when attacks occur.

Your partners should be transparent about their security practices and have a track record of taking a proactive approach to cybersecurity innovation.

Closing the Healthcare Data Breach Gap

Improving the healthcare industry’s data breach track record won’t be easy, but we can close the gap with a concerted effort to tighten defenses at every system endpoint. With proactive measures designed to stop attacks as soon as they start, your organization can keep patient data safe and bolster trust.

It’s time to lead the way in setting a new standard for data protection in the healthcare industry.
