Dive Brief:
- Cyberattacks on healthcare organizations have shot up 100% from just four years ago, a problem that has CIOs and information security heads struggling to keep up.
- Healthcare organizations spend $5.6 billion each year on security, according to the Ponemon Institute, but sometimes all it takes is one user's mistake to let cyberattackers in, according to Ron Mehring, CISO at 25-hospital Texas Health Resources.
- Mehring, who spoke at a recent HIMSS security conference, argues that the key to improving healthcare privacy and security is to make sure employees understand why they need to take key security precautions. Without such education, he said, employees are far more likely to make mistakes.
Dive Insight:
A lack of employee education is not the only problem: healthcare leaders aren't vigilant enough, either. According to security expert Kevin Johnson, who also spoke at the conference, last year the FBI notified roughly 3,000 organizations, many of which were healthcare-based, that they had been attacked. If someone outside the organization has to tell healthcare leaders that they've been attacked, something vital is missing from their audit procedure, Johnson says.