Malware Is Top Information Security Concern for Healthcare Execs

Four-fifths of executives at healthcare and payer organizations said in a 2015 KPMG survey that their IT has been compromised by cyber-attacks. Malware was the top information security concern of the 223 healthcare executives surveyed.


The recent cyber-attack on a California hospital highlighted ongoing malware dangers for hospitals and the need to plan accordingly, according to health IT experts.


Malware attacks cause significant problems for providers, the most significant being the impact on patient care. Other problems include the organization’s ability to operate electronic health records, imaging equipment and life-sustaining systems that are integrated into the information network. Malware is very difficult to detect because it lacks the fixed code of traditional bots and viruses. (“Hospital Breach Shows Malware Danger,” HFMA Weekly News, February 19, 2016)


IT experts expect such attacks to increase as organizations implement population health and coordinated care because these initiatives require more significant patient data pools.


Internal limitations in health IT systems are critical to limiting the potential spread of malware within a system, as are aggressive monitoring and detection systems to identify malicious activity that has entered the system, according to one IT expert. Another noted that comprehensive and regular data backups are also critical for hospitals and other providers because even if the malware developer releases the data, that data has been compromised.


The consequences of weak data security could include lost data, class action lawsuits, and investigations and possible penalties by state attorneys general, the Department of Justice and the Department of Health and Human Services Office of Inspector General.


However, preventing, detecting and mitigating malware breaches carry “large up-front and ongoing costs,” according to financial analysts. “Although some providers are banding together to minimize the costs involved . . . many hospitals have found such costs are affordable only through consolidation.” (“Hospital Breach Shows Malware Danger,” HFMA Weekly News, February 19, 2016)


The authors of the KPMG study found that 85 percent of healthcare providers have discussed cyber security at the board level in the past year. They noted, however, that nearly one-fifth of healthcare providers do not have a leader solely responsible for information technology security. (HEALTH CARE AND CYBER SECURITY: Increasing Threats Require Increased Capabilities, KPMG, 2015)

