Is the influx of bring-your-own mobile and medical devices making your network more susceptible to cyber-attack?
According to simulated cyber attacks on healthcare organizations, that answer is a definitive yes. And many healthcare entities are ill-prepared for just such an event.
“The growing adoption of new and connected health information technologies and widespread use of mobile devices continue to increase the industry’s exposure to potential attacks,” said Jim Koenig, a health principal at Booz Allen Hamilton.
Which is why a group ranging from healthcare payers to medical centers participated in exercises that simulated real cyber attacks on healthcare organizations. The attack scenarios, dubbed CyberRx and conducted in partnership with HITRUST and the U.S. Department of Health and Human Services, targeted medical devices, health information systems, health exchanges, even Healthcare.gov to see how well they could hold up under such an event.
Here's what they found:
- Organizations that participate in cyber exercises are more prepared for a cyber attack. This held regardless of the maturity and comprehensiveness of their information security program.
- Organizations that can better communicate with all the stakeholders involved - both inside and outside the organization - fared better. This was true for legal, crisis management, business operations, management and external business partner stakeholders.
- Organizations learned they want greater freedom to communicate and collaborate during a cyber crisis despite potential legal restrictions.
Booz Allen Hamilton included more findings in a report it wrote about the test.
Exercises examined both broad and segment-specific scenarios that target information systems, medical devices and other essential technology resources of the healthcare industry.