
Posted by A-Jay Orr

New Healthcare Risk: What Is Hacking-as-a-Service?

Healthcare IT professionals get tasked with protecting the most targeted industry in the world. In fact, healthcare organizations face twice the number of cyber attacks as any other industry. I hate to be the bearer of bad news, but this number might get a lot worse now that hacking has become a service for hire.

Formally known as Hacking-as-a-Service (HaaS), this new “industry” puts skilled hacking capabilities into the hands of anyone with a web browser and enough money to pay for the service. It’s true that not all hackers are bad. For example, an ethical hacker may be hired to address a DoS (Denial of Service) attack. But there are enough malicious hackers in the world to warrant serious concern.


To keep operations up and patient information secure, Health IT professionals need to hack-proof their organizations.


Suffice it to say, it won’t be easy. The healthcare industry has made great strides over the last decade, but it still lags in information technology. If you haven’t already, I recommend focusing your attention on these three areas first.


1. Establish cybersecurity as a strategic objective.

This is especially important for Non-Profit and Non-Government Organizations (NGOs) that, historically, are lacking the most in terms of a cybersecurity framework. Define your objective. Create a strategy and a policy to enforce it. And get more than just buy-in from the C-suite. The executive team and board members should be leading the organization’s cybersecurity strategy, not watching it unfold from the sidelines.


Here’s a great article from CSO Online that outlines how to begin this process.


2. Appoint a Chief Information Officer.

Cybersecurity has gotten too sophisticated for organizations to manage on their own. They need an expert in the field who works alongside the COO and CEO to ensure information security maintains a seat at the boardroom table. For Non-Profits and NGOs, which don’t have the same resources as larger organizations, a virtual CIO (vCIO) will perform all of the same responsibilities, provide all the same services, and have all the same qualifications and experience, but without the overhead associated with hiring an executive employee.


Once appointed, your vCIO will conduct a full assessment and security testing to identify any weak points. If additional security measures are necessary, they will scout out the best solutions based on your organization, budget, and needs, and oversee implementation.


3. Create a separate budget and spend plan for cybersecurity maintenance and improvements.

A recent survey indicated that 90% of healthcare organizations are raising their cybersecurity budgets this year to stay ahead of threats. Keeping this budget separate will ensure that competing priorities (IT, clinical, or otherwise) don’t diminish the ability to uphold your cybersecurity environment.


Unfortunately, these three areas of focus are just the tip of a much larger iceberg. Experts forecast an increasingly hostile cyber-landscape, and no doubt, healthcare will take its fair share of hits in the years to come. Most organizations understand this fact and have firmly placed cybersecurity as a top priority. If you’re committed to cybersecurity but aren’t sure if your strategy effectively aligns with your organization, don’t hesitate to bring in an expert third party. The stakes are too high to “assume” that you’ve got all your security bases covered. Know for certain.