Cybersecurity Investments Needed to Protect Healthcare Industry, Patients

Virtual Conference October 21, 2020 Features Expert with Critical Advice

(MERCERVILLE, September 8, 2020) –  While the healthcare industry is expected to spend $65 billion from 2017 to 2021 on cybersecurity products, many hospitals will continue to be at risk of cyberattacks, which will cause damages that could cost as much as $6 trillion by next year. This is a significant increase from $3 trillion in 2015, according to an April 2020 report by Cybersecurity Ventures. The following statistics back up these predictions: The healthcare industry endured two to three times more cyberattacks in 2019 compared to other industries, and healthcare data breaches affected more than 41 million patient records last year, which equals a 196% increase from 2018.

“The amount of sensitive information held by healthcare organizations makes them more appealing to attackers and, therefore, more vulnerable,” explained Daniel Eliot, Director of Education & Strategic Initiatives at the National Cyber Security Alliance. He added that the increased reliance on telemedicine raises additional security risks. “Connections should be secure and encrypted. From a small healthcare facility to the largest hospital, all are at the top of the list of targets,” he stressed.

“There is a lack of investment in cybersecurity as a whole, whether it’s not hiring qualified staff or not seeking information technology [IT] security vendors. One challenge of cybersecurity is that it’s not as tangible as fire, flood and other threats. You can’t see it and it sneaks up on you quickly,” Eliot said.

To help organizations understand cybersecurity, make the best investments to reduce risk of cyberattacks and mitigate the impact of any invasions that may occur, Eliot will deliver the keynote presentation, Converting Awareness into Action: It Begins with Culture, during the New Jersey Association of Mental Health and Addiction Agencies’ (NJAMHAA’s) IT Project’s conference, No Fooling: IT is Critical!, which will be held virtually on October 21, 2020.

According to Eliot, when companies invest in cybersecurity, there is often a misalignment of funding. “Many organizations spend a lot on technology, such as firewalls and virtual private networks, and believe they’ll be secure. We underestimate the human elements and the need for

training. Once cybercriminals get past a firewall, employees click on harmful links in e-mails,” he

More

Cybersecurity Investments Needed to Protect Healthcare Industry, Patients/Page 2 of 2

said, emphasizing that three elements are critical for having better security: employees who are well trained, solid processes and effective technology.

June Noto, NJAMHAA’s Vice President of Information Technology, Human Resources and Administrative Services, reinforced the importance of training. “Education is the singular most important tool that any employer can implement. Sure, there are firewalls and routers, and anti-virus and anti-malware software, but nothing, except education and awareness, can protect end users from scammersencou” she said.

However, training and education are just part of the picture. The focus on cybersecurity needs to be integral to every organization’s culture.

“Cybersecurity is a resilience-based topic, and these topics are not as sexy as generating leads or getting more customers or capital. Organizations tend to think of risk and resilience only one time a year or when something happens and they have to address it. Reducing risk and building resilience need to be part of every organization’s culture,” Eliot stated.

To further reinforce the importance of employee training and buy-in, Eliot stated, “It’s not always malicious actors who bring threats to healthcare organizations. Sometimes, it’s internal actors who make mistakes, for example, accidentally sending patient records to the wrong recipients. This happens a lot in health care. Organizations need to reduce risks inside their organizations, which are present in potential mistakes, as well as disgruntled employees and contractors.”

Please visit www.njamhaa.org/events for links to details and online registration for the conference, No Fooling: IT is Critical!, which will be held virtually on October 21, 2020.

“When it comes to culture, compliance with laws, regulations and industry standards doesn’t mean security, and employees’ awareness doesn’t necessarily mean they’ll care,” Eliot warned. During his presentation, he will explain how to develop and implement awareness campaigns that motivate individuals to help reduce risk. “Every employee has a role in protecting the enterprise. Everyone must be equipped with knowledge, tools and resources to do that,” he stressed.

###

The New Jersey Association of Mental Health and Addiction Agencies, Inc. (NJAMHAA) is a statewide trade association representing 144 organizations that serve New Jersey residents with mental illness and/or substance use disorders, and their families. They serve more than 500,000 children and adults each year and contribute to the economy through 61,000 direct and indirect jobs. The NJAMHAA mission is to promote the value of its members as the highest quality behavioral healthcare providers for the residents of New Jersey through advocacy and professional development.

For more than 30 years, the NJAMHAA Information Technology (IT) Project has been leading New Jersey’s community mental healthcare and substance use treatment providers through the continuous evolution of the computer age. Formed in 1984 as the Management Information System Project, a joint public/private venture among NJAMHAA, the State of New Jersey’s Division of Mental Health and Addiction Services and Project participants, the IT Project was the only venture of its kind at the time to be initiated by a state division to help non-profits implement the new technology of desktop computers. To date, no other venture as expansive as the NJAMHAA IT Project has yet to be duplicated any place else in the country, despite the immense need for it. NJAMHAA changed the name of the project in 2003 to the IT Project to reflect a wider array of services incorporating new and future technologies.