Norway’s Data Breach: Lessons for the US Healthcare Industry [source: teramind]
One of Norway’s largest healthcare providers, Health South-East RHF (translated), has become the victim of a data breach that may have exposed sensitive data from half the country’s population. This amounts to about 2.5 million people. For comparison, in the U.S. the Equifax data breach exposed around half the country’s sensitive data to hackers who claimed it was easy. Despite the size of the breach, the healthcare provider acted swiftly to mitigate damage, send out notifications, and activate its incident response plan. Additionally, the hospital network worked with vendors and trusted partners to expedite the mitigation of the data breach. While this incident happened in Norway, there are some critical lessons that healthcare organizations in the U.S. can take away from it.
Overview of Healthcare Cyber Security Hygiene
While headlines are saying that half the Norwegian population’s data was potentially exposed to hackers in this data breach, it is dwarfed by how many Americans have their personal information leaked to hackers every year. Accenture recently surveyed U.S. healthcare providers, and the results were not great. Roughly 83% have experienced a cyber attack, most of those being the result of phishing emails, malware downloads, and unauthorized access. This indicates that insider threats are still the leading cause of concern in the healthcare industry. When it comes to technology adoption, only 44% of practices plan to adopt behavior analytics-based technologies such as anomaly detection. When it comes to responding to a cyber security incident, it was revealed that healthcare organizations notify their internal IT group or notify educated employees; following an incident response plan came in third. Even worse, contacting the police, FBI, or DHS came in 6th. Additionally, according to Black Book Research, 54% of providers do not conduct regular risk assessments, meaning even the providers are in the dark when it comes to how secure they are from a data breach.
Despite the state of cyber security for healthcare professionals, not all hope is lost. The data breach that happened to Health South-East RHF carries lessons for US-based healthcare providers. Let’s explore some of those lessons now.