Now in its 18th year, National Cybersecurity Awareness Month (NCSAM) continues to raise awareness about the importance of cybersecurity. 

Led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), National Cybersecurity Awareness Month is a collaborative effort between government and industry to ensure everyone in the Nation has the resources they need to be safer and more secure online.

The month’s theme of “Do Your Part. BeCyberSmart” encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity. But it’s a message that should resonate not just during the month of October, but all year long.

The sensitive nature of patient data flowing through healthcare IT systems and the lack of robust, mature security programs has made the healthcare sector a prime target for threat actors. Healthcare data is highly prized on the dark web as it can be used to create new identities, making it more valuable than basic credit card information.

Cybersecurity attacks on the rise

As the healthcare industry gets some breathing room from the pandemic, another one is surging – cyber attacks. Like the pandemic, these attacks have the ability to prevent hospitals from providing care to patients. Malicious actors are targeting the healthcare industry specifically for that reason.

We have entered a new era with the criminals behind these attacks. This year we have seen ransomware-as-a-service become ubiquitous in the cybercrime community, with cyber gangs supported by nation-states. Not only are these gangs committing the crimes, but they are offering support to other thieves to orchestrate more attacks.

Their attacks have caused sizeable damage in all industries. The sophistication and severity of attacks on healthcare has pushed the average cost of a breach to more than $9 million per incident, a 10% increase in just one year.

These attacks affect not just the bottom line, they also severely impede patient care and a healthcare organization’s reputation. Lawsuits are being filed with increasing regularity by patients who were prevented from receiving care during a cyber incident.

These increasing costs have also caused underwriters of cyber insurance to rethink policy renewals, and require attestations around the deployment of certain cybersecurity tools in order to maintain cyber insurance coverage.

Attacks on our nation’s critical infrastructures, including our hospital systems, has resulted in government agencies showing a renewed focus on cybersecurity. This has helped move cybersecurity to the forefront of many boardroom discussions.

As healthcare leaders, we must seize this opportunity to educate and inform stakeholders on the current cybersecurity threat landscape and the actions needed to combat these attacks.

Technologies and tools are not a guarantee that a hospital is secure from these cyber attacks. Employees are often targeted by attackers as a way to bypass technical security controls.

Strategies for safeguarding your healthcare organization

Infusing cybersecurity into the mindset of all employees is a cultural change which needs to be prioritized and adopted throughout the entire organization. In the spirit of “Do your part. Be cyber smart,” here are some tips and recommendations:

Empower your healthcare leadership 

Leaders within healthcare organizations — from the C-Suite to the board of directors — must realize that employees are on the frontline of these sophisticated attacks, and it is an organizational responsibility to be diligent in our efforts to protect patients and patient data.

Develop a cyber aware culture

A company culture that has broad and deep awareness of the security risks their organization faces has become an imperative within hospitals and health systems. Additionally, to stave off the bad actors and stay informed of emerging threats, it’s important to leverage other ecosystem resources, listen to lessons learned from peers, and leverage insights from other security professionals.

For expert guidance on how to strengthen the culture of cybersecurity within your healthcare organization from the top-down, watch our free, on-demand webinar, Getting the C-suite on Your Team.