At the annual World Medical Assembly (WMA) in Taiwan this month, one of the hot topics was “Cyber attacks on health and other critical infrastructure”, as reported in this statement. Only last year, over 100 million healthcare records around the world were compromised, according to IBM’s 2016 Cyber Security Intelligence Index, making the healthcare industry the most frequently attacked industry in 2015.
Companies in this sector, from small GP practices to large healthcare corporations, are at the mercy of cyber criminals for two primary reasons:
- They manage and store highly sensitive data and personal information that cyber criminals are eager to steal, either to fuel their identity fraud schemes or to sell on the black market;
- Small practices and companies, in particular, generally lack financial resources and technically-skilled staff to create and implement robust cyber security strategies.
Moreover, healthcare companies are not able to keep pace with the fast-evolving world of cyber crime, meaning that their current security procedures and strategies are outdated.
Healthcare companies are urged to put breach prevention systems in place
Consequently, Professor Frank Ulrich Montgomery, vice chairman of the WMA, claimed that “[The WMA] would like to see medical institutions urgently put in place comprehensive systems for preventing security breaches, including training staff about data handling practices”. It is a bold statement, and one shared by the National Data Guardian for Health and Care: “all health and social care organisations should provide evidence that they are taking action to improve cyber security, for example through the ‘Cyber Essentials’ scheme”, as reported in July.
According to recent figures, the UK healthcare industry comprises around 100,000 companies, but only 0.02% are certified to the Cyber Essentials scheme. Much has yet to be done to reduce the risk of cyber attack and, consequently, to better protect patients’ privacy.
Prevent around 80% of basic cyber attacks
Launched in 2014, Cyber Essentials is the UK Government-backed security scheme that sets out five security controls that could prevent around 80% of basic cyber attacks, improving cyber security and preserving the company’s reputation and future business. Cyber Essentials certification also demonstrates to customers, suppliers and third parties that data security is being taken seriously and – by choosing a CREST-accredited certification body like IT Governance – that the cyber security status has been independently verified by a third party.
To help companies of any size and with any level of information security competence adopt the Cyber Essentials scheme, IT Governance has developed three packaged solutions. With the CyberComply portal, all companies can be in full control of their certification process, assisted by IT Governance’s experienced consultants.
Demonstrate to your customers that you take cyber security seriously. Get certified now from just £300.