Speaker Q&A: Take cybercrime seriously
By Tracy Orzel
Updated 1:59 PM CDT, Tue October 4, 2022
With cybercrime costing the world $6 trillion annually, HME providers need to perform assessments of internal and external vulnerabilities and threats regularly, not just once a year, says Jeff Woodham. HME News spoke to Woodham, vice president of operations at Mandry Technology Solutions, and host of the Medtrade session, “Cybersecurity protection and planning,” about why scammers are drawn to health care and what providers can do to mitigate that threat.
HME News: Just how big of an issue is cybersecurity for HME providers?
Jeff Woodham: The fact that they are attached to the health care continuum means they are in the crosshairs of many of the bad actors. Cyber criminals prioritize targeting health care organizations because patient records and information are worth 10 to 40 times more than other types of information, even credit cards. If you (steal) a credit card number you're going to use that immediately and that’s going to be known immediately. But in health care, you get all the identifiers of an individual and you can do identity theft over the long term – you can do pharmaceutical theft, services theft and then you can create new credit streams. All that takes a long time to be discovered.
HME: What are some common types of threats?
Woodham: They’re not too different from non-health care entities. End-user behavior such as phishing emails for credentials usually is high volume activity. Poorly managed firewalls are another common vector for threat attacks.
HME: What should providers prioritize for protection?
Woodham: Address end-user behavior with awareness training, education and phishing simulation campaigns. This is a common weakness of many organizations. Implement two-factor authentication—you can no longer depend on a username/password to be adequate for authorized access to systems. And at a culture level, treat cyber risk management as an ongoing process and not a one-time event.
Comments