What a year it’s been.
In the cybersecurity world, things went as expected: more attacks, with increasing complexity and increasing dollars flowing to criminal states and gangs. It’s estimated the global economic impact of cybercrime in 2019 will exceed $455 billion. In the US, it’s close to $100 billion this year. But this year we also learned the cost of cybercrime isn’t just monetary; it’s costing lives as well.
Setting aside the constant threats to our power, water, and transportation grids, the attacks on hospitals and municipalities in the US have crippled institutions and their ability to meet patient needs and respond to emergencies. Additionally, another study published this year found that hospitals that have experienced a cyber breach in the recent past have an increased mortality rate among cardiac patients, the only modality that was studied, up to at least two years after the incident.
Although ransomware gets most of the press, globally it accounts for less than 40% of all cyber attacks. What remains most true and consistent is that the launch point for the overwhelming majority of external attacks is an email-based phishing scheme. Phishing attacks targeting both desktops and mobile devices (yes, including phones) have become increasingly sophisticated and difficult to detect. Although detection has become more challenging, these attacks still primarily rely on the recipient to either open an attachment or click a link in the email. That means training and awareness are still critical for cybersecurity defense.
On the HIPAA front, we’ve seen increased attention on the gap between being HIPAA compliant and being cyber secure, so much so that we could well see legislation in the near future aimed at bridging that gap. On the enforcement front, while HHS has said they’re reducing their penalty matrix, we still saw a number of multimillion-dollar enforcements this year. HHS has also sent notice that they are enforcing the requirement to release records to patients in a timely manner, with two penalties doled out this year.
What can we expect for 2020? Sadly, more of the same, and likely much more, in fact. Cybercrime organizations have become extremely successful. They’ve learned how to scale both their organizations and their methodology by recruiting others on the dark web to do their bidding for a cut of the profits. With nation states like Russia, China, Iran, and others unwilling to prosecute their citizens for engaging in these criminal acts, there’s little hope the attempts will diminish. The onus is on us to implement better solutions and practices to prevent 2020 from becoming another record year for cybercriminals.
The good news is that new tools are available at reasonable prices to thwart these attacks. If you’re still relying on old-school antivirus or antimalware software and firewalls, you may have more risk exposure than you realize. Call us if you have questions or want a free evaluation of your current cyber-defenses.
Happy Holidays from all of us at Acentec.
The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of the workforce (including management). Have your team sign up for the weekly HIPAA Security Reminder to help stay compliant.