
Closing the healthcare cybersecurity gap

Estimated read time: 4 minutes

by Russ Branzell

Published on 3/1/2021

Cerner is proud to be a member of the College of Healthcare Information Management Executives (CHIME) Foundation. The CHIME Foundation membership enables educational opportunities and collaboration with more than 5,000 CIOs and healthcare IT executives from leading health systems around the world.  

Digital healthcare took a huge leap forward in response to the COVID-19 pandemic. Hospitals and health systems quickly deployed telehealth and telework programs to keep their patients and employees safe. Health IT teams created easy-to-use apps to engage consumers and adapt to increasingly mobile environments.

Increasing cyber threats amid COVID-19 

As the footprints of care organizations expanded beyond hospitals and medical campuses, so did their attack surface. Cybercriminals, predictably, have stepped up their attempts to illegally access healthcare data during the pandemic. 

In late October, the FBI, the Cybersecurity and Infrastructure Security Agency and the U.S. Department of Health and Human Services issued an advisory to warn healthcare providers of a major cybercrime threat linked to ransomware gangs, along with guidelines on how to thwart an attack or respond if hacked.

Bad actors will always look for vulnerabilities to exploit, and if one approach doesn’t work, they will devise another and try again. The digital healthcare ecosystem is always evolving, too, and cybersecurity risk awareness has grown in recent times. Even before the escalation in cyberattacks in October, a sobering report from Germany in September of the first known death of a patient tied to a ransomware attack had made digital healthcare leaders more sensitive to the consequences of a successful breach. 

Many senior healthcare leaders now understand that the growing interconnectivity of their devices, business partners and health systems makes cybersecurity everyone’s concern – and everyone’s responsibility.

A greater push to prioritize healthcare cybersecurity 

An organization's chief information security officer or chief information officer still will take the lead on prevention and mitigation, but many of these senior executives now have the support of their leadership to prioritize security. More organizations understand that their weakest link is a gullible employee, and they’re educating their staff about phishing attacks and safe practices – especially as more teams work remotely. Some organizations also make a point to educate patients, who are another link in the chain for cybercriminals to target. 

There will always be some degree of risk, and each organization will need to determine the right cost-benefit formula. An analysis of our 2020 Digital Health Most Wired data shows that organizations that had a comprehensive security program were more likely to have adopted medical device security tools and other advanced technologies, but not every organization may be willing or able to invest in these solutions. That doesn’t mean they can’t have good cybersecurity hygiene. Several free resources are available, such as the cybersecurity frameworks offered by the National Institute of Standards and Technology (NIST) or the Baldwin Foundation.

We also have each other as a resource. The wonderful thing about healthcare is that it’s a community that will come together and help each other through anything. 

We have great digital healthcare leaders in provider settings, in industry, in government and elsewhere who share best practices and knowledge through groups like the Health Information Sharing and Analysis Center (H-ISAC). Educational events, like the Cerner Health Conference in October where Cerner’s Vice President and Chief Security Officer Don Kleoppel and I explored the topic of cybersecurity in a fireside chat, provide opportunities for digital health leaders to learn and network.

The CHIME 2020 Digital Health Recharge forum in November also included peer-led track sessions on cybersecurity. Both events were fully virtual, with some sessions made accessible on demand. Cerner, CHIME and the Association for Executives in Healthcare Information Security (AEHIS, a CHIME affiliate) have an abundance of resources available to the digital health community on our websites, too.

Healthcare has made progress with cybersecurity, but we still have room for improvement. Still today, only about one-third of participants in CHIME’s 2020 Digital Health Most Wired survey said they have a comprehensive security program. The top performers, those organizations that earned Digital Health Most Wired’s level 9 and 10 certifications, are making amazing advancements in cybersecurity and blazing a trail for their peers to follow.

By using the resources mentioned above, collaborating with peers and learning from leaders in the industry, we can close the cybersecurity gap. We may not be able to stop every bad actor, but we can make it such a challenge that eventually they give up in futility.

CHIME is dedicated to enhancing the state of healthcare cybersecurity through industry readiness, awareness and education.

From managed services to purpose-built security solutions and compliance preparedness, Cerner provides the expertise and unique approach to cybersecurity necessary to help keep your data and your patients’ data protected.
