The average cost of a healthcare data breach in the U.S. is more than $9 million, according to a 2024 report by IBM, and nearly half of all breaches involve customer personally identifiable information (PII). As cybercrime grows and becomes increasingly sophisticated, Pixel Health is continually evaluating and implementing best practices to help healthcare organizations keep their systems and patient data safe. This article shares our top five cybersecurity considerations:
- Keep IT systems up to date and reduce application overload
The healthcare industry is known for running outdated systems: products that still support key functions in a facility but have been discontinued by their vendor or are no longer maintained. These “legacy” information systems and technologies demand extra resources to operate, and because they no longer receive security patches, known vulnerabilities in them stay exploitable indefinitely. Learn more in our Application Overload article.
Systems that aren’t properly managed and maintained present a major cybersecurity risk, as we share in our article on Patching. An IBM report stresses the risks by stating: “Healthcare remains a target for attackers since the industry often suffers from existing [outdated] technologies and is highly vulnerable to disruption, which can put patient safety at stake.”
- Recognize the biggest threat to cybersecurity
Human error represents the biggest threat when it comes to keeping systems secure. Employees are often tasked with managing usernames and passwords for multiple systems and services. Using social engineering tactics, such as phishing or smishing (text-based phishing), cybercriminals can convince employees to share sensitive information or their credentials. With stolen login information, an attacker signs in as a legitimate user, so any control that relies on the password alone is bypassed and the systems behind it can be compromised. This is why multi-factor authentication matters: a stolen password is far less useful when a second factor is required.
- Employ microtraining to help reduce human error
To help employees recognize suspicious requests and take precautions in their work, security awareness training serves an important role. However, to better reinforce key concepts and promote desired behaviors, many training providers offer “microtraining” or “microlearning” instead of (or in addition to) annual training.
John Garcia, Information Security Manager at Pixel Health, explained how microtraining typically works: “Once a month, employees are assigned a new five-minute training video with a few questions at the end,” he said. “These trainings are easy to complete and less burdensome than a longer, annual course. We’ve found that microtraining helps keep critical cybersecurity practices at the forefront of everyone’s mind, ultimately contributing to a culture shift in an organization.”
- Understand your cybersecurity insurance requirements
While insurance coverage cannot prevent a data breach, the underwriting process can help healthcare organizations take stock of their current systems and controls. To receive an insurance appraisal and obtain a cyber risk policy, healthcare organizations must document their key technology controls and tools. For example, insurance companies gather information about an organization’s use of multi-factor authentication (MFA), security training, backup systems, network segmentation, and its ability to perform disaster recovery in the event of a breach.
As discussed in our article about cyber risk insurance policies, it’s important to understand coverage levels, research the types of available policies, and develop an appropriate cybersecurity plan to support insurance requirements.
- Perform a security and compliance assessment with a trusted partner
As a leading healthcare-focused consultancy and managed services provider (MSP), Pixel Health understands the challenges of protecting digital environments. Our security operations center (SOC) service monitors systems, devices, networks, and cloud-based applications for malicious behavior and can support recovery efforts in the event of a breach. To proactively prevent data breaches, our team can also provide security and compliance assessments, identify gaps, and create policies to help keep organizations compliant with PCI DSS and HIPAA.
Learn more about our comprehensive security solutions and how to develop a robust cybersecurity strategy fit for your organization: https://www.pixelhealth.com/security/