Healthcare in 2022: More COVID & Cybersecurity Risk
As we come upon our third year of COVID-19, healthcare faces more risks than ever before–and this time, it’s not just from the virus itself. It’s also from the new threat landscape that the virus created.
And as we look ahead to a new year of healthcare risk management, it’s time to get ahead of cybersecurity in healthcare. Your team, your patients, and your community demand it–and your business needs it to survive.
Here’s a closer look at the risk landscape for healthcare providers in 2022 and a few simple steps you can take to get ahead this year.
The COVID-19 Threat and Healthcare Risk Management
When COVID-19 crashed into our lives, no one could have predicted how radically it would change things. But in 2022, we now know that COVID has done more than change our healthcare conversations. It has also altered the landscape for healthcare risk management.
One of the unexpected changes can be found in healthcare cybersecurity. Thanks to COVID-19, cybersecurity is now a dinner table conversation, especially in healthcare.
This change is partially due to the record-breaking number of cybersecurity threats in 2020 and 2021, with over 500 healthcare providers suffering ransomware attacks in 2020 and 93% more attacks in the first half of 2021 compared to the same period in 2020. But it’s also the result of practical changes in medicine–like the rise of telehealth and the continued popularity of telehealth options as we battle COVID surges.
Before COVID-19, cybersecurity threats were often the result of bad cybersecurity practices, many of them common across industries (like users with poor password practices). These days, the bigger threat comes from healthcare personnel who now work remotely and access healthcare data remotely.
More remote work means that a growing number of healthcare systems have to contend with more unsecured access points. After all, you can secure your network and nodes, but that doesn’t help you if a staff member accesses your network with a compromised device or opens a phishing email that then infects your network.
Then there’s the fact that data is more important in a remote healthcare environment than ever. That means you’re more reliant on third-party vendors than ever before. Without them, you don’t have the capabilities necessary to process your data, which means you can’t serve your patients. But every additional vendor in your system introduces another chink in your cybersecurity armor. An attacker may not need to compromise your system to steal data–all they need to do is compromise one of your vendors and leapfrog in through that vendor’s data access.
Worse, the increasing reliance on digital-first healthcare means that healthcare cybersecurity is no longer just a question of stolen health data. Poor cybersecurity and rampant cyber attacks represent a dangerous threat to global healthcare and your ability to serve your patients.
Ways to Improve Third-Party Risk Management in Hospitals This Year
Here’s the good news: compromised data isn’t a given, and you are not helpless against cyber threats. It is quite possible to keep your network secure, even in a highly remote environment and even with a whole battery of third-party vendors.
But to do it, you need to update your third-party risk management program.
Not sure where to begin? No worries! Here’s a look at a few basic steps you can take to start tackling the risk management challenges you’ll face this year.
Understand Vendor Risk in Healthcare
First and foremost, you have to understand the risk that vendors pose across healthcare, and the risk your own vendors pose in particular.
The best way to do this is to go back to the basics and get down in the weeds. Start by itemizing every third-party vendor you use, no matter how big or small. If you use them, they should be on the list.
Second, itemize all the ways each vendor accesses your system and your data. This is related to what you use them for. An accounting system, for example, may include frequent access to patient billing information, while a third-party email generation tool may only access email addresses.
Once you know how much a vendor accesses your systems and data, categorize their degree of involvement. Some vendors would be a nuisance to go without, while others would grind your healthcare organization to a standstill.