Recently, several Ward and Smith attorneys held a Health Care Breakfast and Learn to provide insights on the healthcare industry relevant to their specific areas of expertise, from privacy and data security to professional licensing issues and labor and employment.
Privacy and Data Security
Peter McClelland, a privacy, data security, and technology attorney who is also a Certified Information Privacy Professional, began the discussion with some cybersecurity trends and tips that healthcare providers should be aware of.
“Healthcare and financial services are always neck and neck each year for which industry in the United States gets targeted the most by malicious cyber actors,” said McClelland.
In the world of data security, there are three major trends that have been especially relevant to healthcare providers over the past few years:
- Substantial increase in cyberattacks – malicious actors using trusted third parties or managed service providers to gain access to computer systems and personal information
- Significant uptick in the sophistication of cyberattacks – phishing schemes, tiny changes in email addresses, and spoofed email accounts increasingly difficult to identify
- Increased costs associated with successful attacks – average cost for a data breach in 2020 was around $4 million
Outside of the healthcare industry, an attack on a managed service provider, service partner, or supplier is typically referred to as a supply chain attack. These supply chain attacks are the ones that have made headlines in recent years, with companies such as Colonial Pipeline, Microsoft, and Kaseya experiencing significant costs to their finances and brand reputation.
“When you read or hear about any of these things in the news, it can be easy to think that events are only tangentially relevant to you,” explains McClelland, “but the same techniques in all of those get repurposed against entities in the healthcare space every day, whether they make headlines or not.”
McClelland reported that phishing scams in prior years almost seemed to be deliberately obvious in terms of sophistication. Formerly, the most advanced phishing and ransomware technology was mostly just available to…