Nursing facilities and other healthcare providers now have “the book” to battle the threat of cyber breaches.
Health and Human Services rolled out a new publication, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” on Friday. The four-volume guide comes after two years of work by more than 150 cybersecurity and healthcare experts.
It explores five of the most relevant and current cyber threats in the healthcare field, along with detailing 10 best practices that facilities can implement to battle them — ranging from email protection systems to checks on the cyber safety of medical devices. HHS notes that the U.S. healthcare system lost about $6.2 billion in 2016 alone due to data breaches, with $2.2 million the average cost for a single organization.
“We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats,” Erik Decker, industry co-lead and chief information security and privacy officer for the University of Chicago Medicine, said in an announcement. “That is exactly what this resource delivers; recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.”
The publication and its recommendations stem from a mandate set by the Cybersecurity Act of 2015 to develop guidelines to reduce cyber risks in healthcare. It also includes two technical volumes geared toward IT professionals, along with resources to assess healthcare organization’s current cybersecurity strategies.
In a white paper issued last year, LeadingAge noted that aging services and the rest of the healthcare industry are among the most frequently pursued for cyber-attacks because data stored is often lucrative, and security is typically weak compared to other fields.