Written by HITRUST Independent Security Journalist Sean Martin.
As the healthcare industry continues to experience an increase in cyberattacks causing data breaches—financial losses and operational disruptions also continue to mount. To help healthcare organizations take on this challenge, HITRUST launched the HITRUST CyberAid program in the summer of 2016.
The progress of the program is clearly illustrated by its early successes: 40 percent of the healthcare practices that joined the program discovered that malware was running on their IT systems. But today, no malware exists on any of these systems.
HITRUST CyberAid is an innovative program that provides an effective and affordable cyber defense solution for smaller healthcare organizations that historically have not been able to protect themselves from attacks, viruses, malware and threat actors. The program features world-class network and endpoint protection coupled with management and monitoring that adds up to effective cyber protection.
Extending Cybersecurity Protection Across the Continuum-of-Care
One of the organizations that has benefitted from HITRUST CyberAid is Children’s Health—the seventh-largest pediatric healthcare provider in the country and the only academically-affiliated pediatric hospital in the Dallas area. Children’s Health collaborates with many small medical practices and participated in CyberAid because of how well the solution allows organizations to consume, act on, and share threat information while also scaling to the size of smaller organizations.
“As an organization that hosts small practices on our electronic medical records system and connects to hundreds of other practices via a clinically-integrated network, it’s important that we protect data across the entire continuum-of-care,” says Pamela Arora, a Senior Vice President and the CIO for Children’s Health. “By participating in CyberAid, we added a layer of security to our environment while also enabling our affiliated practices to benefit from the robust security solutions offered by the program.”
The results of the program at Children’s Health have been highly favorable to date. 40% of the practices affiliated with the organization that were initially assessed found active malware or spyware. However, all the threats that were discovered by the CyberAid solution were quickly remediated. As Children’s Health continues to roll the program to the rest of its affiliates, similar results are expected.
The program has also led to key learnings. “We discovered that with the right technologies and the right expertise, adding layers of security protection can be implemented without disruption to our clinics,” Arora says. “The implementation of CyberAid literally takes just a few moments. This makes adoption much more convenient—allowing our healthcare providers to continue focusing on patient care.”
Children’s Health also found that CyberAid benefits the broader healthcare ecosystem—by extending cybersecurity protection to provider practices that may not otherwise have access to security tools. The technology also brings peace-of-mind by giving small practices access to the same cyber defenses often only available to larger organizations; certainly from a cost perspective, but also from a implementation and management perspective.
“It’s reassuring for our organization and our affiliates because we know that all of our data is secure from end-to-end,” says Arora. “It comes down to facilitating care delivery, and CyberAid enables us to focus on taking care of patients while knowing our cyber defenses are effectively protecting sensitive patient information.”
The Importance of Avoiding the Risks of Inadequate Security
For all healthcare organizations, the risks of inadequate IT security are many. They include the financial loss of thousands of dollars through audits and fines associated with HIPAA and state regulations as well as ransomware, which is also on the rise. In 2016, many U.S. hospitals suffered from attacks where the ransom demand ranged up to $19,000. We’re likely to see that number continue to rise, which should come as no surprise.
There’s also the potential loss of information that could disrupt care delivery. That alone makes it imperative to deploy an advanced security program like CyberAid.
For more information on the HITRUST CyberAid program and deploying security measures to make sure your patient information remains protected view this overview.