How to Protect Your Organization from Cyber Attacks

September 29, 2015

Current Cyber Attack Trends

In light of a string of cyber attacks against Health Care Organizations, or HCO’s, in 2014 and 2015, it’s time for cyber security to be a main concern for all organizations in this field. Past attacks have taken place against Anthem, Premera Blue Cross, LifeWise, the UCLA Health System, and CareFirst BlueCross BlueShield. Along with these, thousands of IP addresses owned by HCO’s have been accessed illegally in the last 12 months according to a cloud-based threat intelligence study. The most recent attack is against Excellus BlueCross BlueShield of New York; in which 10.5 million members and clients had their information breached.

It was found that the largest issues with cyber security were the sharing of health records over mobile device applications and text messages, negligent employee behavior, a lack of planning and procedure, and a loss of control over protected data, amongst others.

When these cyber criminals enter these cyber databases, they gain access to:

  • Names

  • Date of birth

  • Social Security Number

  • Mailing addresses

  • Telephone numbers

  • Member identification numbers

  • Financial account information

  • Claims information

They steal this information for two main reasons: to sell to individuals that want to receive medical care under these fraudulent identities, or to funnel money from bank accounts found through stolen financial reports. Not only does this tragically ruin credit and take money from innocent individuals, but it also breaks the regulatory requirements of HCO’s (HIPAA, PCI, FISMA, FDA). This leaves these HCO’s liable to legal action, fines, and loss of business.

How to Protect Your Organization from Cyber Attacks

The entire approach to member security must change in conjunction with the implementation of cloud-based technology. To avoid becoming a victim of cyber attacks, HCO’s must increase the budget allotted to the Information Technology department for cyber security. On average, companies spend 1-3% of their budget on security, which usually includes anti-virus, anti-malware, and intrusion detection systems. But with recent attacks, this has been proven to not be enough. With an increased budget, IT departments will be able to:

  • Properly monitor network analytics.

  • Develop and test secure applications for mobile devices.

  • Create impenetrable data protection.

HCO’s should also invest in cyber-risk insurance and only do business with companies who have cyber-risk insurance. As far as in-house risks, companies need to not just restrict unnecessary internet access but also teach employees good online behavior. The Department of Homeland Security states claims an individual should:

  • Never click on links, open attachments, or give out personal information in personal emails on work computers.

  • Set secure passwords and do not share them.

  • Pay close attention to website URL’s.

Pay attention to the breaches that happen to other HCO’s so that the same cannot happen to you. Have a policy plan set for the possibility your intruder detection system notifies you of a breach. If you end up falling victim of a cyber attack, you can help prevent future attacks by having a security expert ascertain the IP address, routing information, type of malware used, and where your software was exposed. Then report that information to Homeland Security so that they can help warn other HCO’s from falling victim of the same attacks.

Works Cited

Kern, Christine. "Excellus Data Breach Undetected For Nearly Two Years.” Health IT Outcomes, 28 Sept. 2015. Web. 28 Sept. 2015.

"Protect Myself from Cyber Attacks." Homeland Security. Department of Homeland Security, 6 Aug. 2015. Web. 28 Sept. 2015.


Previous Article
Stars Infographic
Stars Infographic

Check out the top 5 ways MedXM can help boost your star ratings.

Next Article
How to Promote Men's Health Month
How to Promote Men's Health Month

Learn how to promote Men's Health Month to your members.


Request More Information

First Name
Last Name
Thank you!
Error - something went wrong!