One of the highlights of my professional career last year was attending the 2022 joint annual Compliance and Internal Audit Conference organized by the Healthcare Financial Management Association (HFMA) MA-RI Chapter and the New England Healthcare Internal Auditors (NEHIA) organization and held at the Mystic Marriott in Groton, CT. I would highly recommend this conference to anyone looking to hear from leaders in this area!
During the conference, participants had the chance to hear from two speakers on the topic of cybersecurity: Linn Freedman, a US Partner/Chair for Data, Privacy, & Cybersecurity at Robinson+Cole, and Ray Gandy, leader of the IT Risk and Assurance Practice for CBIZ/MHM. Both presentations highlighted the emerging risks and trends related to cybersecurity in healthcare, emphasizing the potential consequences of cyber threats if not properly prevented. A few highlights from these presentations are detailed below:
Faster than ever before, individual data is analyzed, quantified, processed, stored, and sold by data aggregators. As there is increased access to information and most organizations have begun transitioning to digital/cloud-based work, systems, and records, the mobilization of bad actors has intensified. Currently, 95% of security incidents are caused by human error, often related to inaccurate system use (e.g., system misconfiguration, poor patch management, easy-to-guess passwords). Similarly, cyberattacks are not only an external risk. Internal threats pose an added danger as malicious insiders can cause detrimental impacts while remaining undetected by system protections.
Ray Gandy highlighted a few quick stats related to cybersecurity:
- In 2022, there has been an 80% increase in cyberattacks
- The average ransomware payment is $111,605
- The average cost of an organizational data breach is over $4 million
- The average length of time to identify and contain a breach is 280 days
Linn Freedman provided a multitude of examples illustrating the risks and dangers related to cybersecurity, specifically noting the recent ransomware attack on the second-largest US hospital chain’s electronic medical record (EMR) system. During her presentation, Linn emphasized the increased likelihood of a cyberattack on any organization, regardless of size or location, as bad actors become more advanced and sophisticated in their attacks.
Overall, the recommendation was that healthcare organizations should evaluate their current cybersecurity infrastructure and recognize where vulnerabilities may exist. In doing so, the organization will strengthen its protection against the unpredictable and ever-changing cybersecurity risk landscape.
You can view a copy of Linn and Ray’s full presentation as well as other presentations from the conference here: https://www.ma-ri-hfma.org/nov-30-dec-2-2022-handouts/
Save the date for next year’s conference!
Wednesday, November 29 – Friday, December 1, 2023
Mystic Marriott, Groton, CT
Submitted By: Caroline Burkhart, Deloitte Risk & Financial Advisory Analyst