Posted by Dawn Marie Bailey
The year 2016 averaged one health care data breach per day, affecting more than 27 million patient records, according to Protenus, Inc., which recently collaborated with DataBreaches.net on the “Breach Barometer Report: Year in Review.”
Additional findings from analysis of that report, which pertains to health care, follow:
- There were 450 total breach incidents in 2016.
- Insiders caused 43 percent of the data breach incidents.
- Hacking and ransomware were responsible for 26.8 percent of the breaches.
- It took the average entity 607 days to discover breaches caused by insider wrongdoing.
- Breach incidents affected 47 states.
“There’s no such thing as total security anymore. You must make every effort to strengthen security as much as possible,” said Michael Dowling, president and CEO of Northwell Health, in a recent article in Becker’s Hospital Review. “Hacking and data breaches are realistic and stubborn dangers we face each day. No [leader] has the luxury of dismissing these threats or viewing the work to prevent them as optional.”
Of course, breaches related to cybersecurity are not reserved for the health care industry.
Jon Boyens of the National Institute for Standards and Technology (NIST), in a paper titled “Integrating Cybersecurity into Supply Chain Risk Management,” pointed out that trends, including the Internet of Things (where everything is smart and interconnected), IT-enabled supply chain management, and 3-D printing, present cyber risks that can result in the delivery of poor quality, compromised or counterfeit products that diminish brand reputation, loss of intellectual property, and compromised customer information and operational control systems.
Paul Myerson, professor of practice in supply chain management at Lehigh University, highlights in a recent Industry Week article incidents such as hackers gaining access to owner data on 600 million Samsung Galaxy phones and poor information security by service suppliers leading to recent data breaches at Target, Home Depot, Goodwill, and many other companies and organizations.
In light of the increasing volume and sophistication of cyber threats, organizations need a systems approach to improve their cybersecurity performance. The Baldrige Program has been working hard, in collaboration with the Applied Cybersecurity Division at NIST and industry experts, to develop the Baldrige Cybersecurity Excellence Builder, a voluntary self-assessment tool that enables organizations to better understand and improve the effectiveness of their cybersecurity risk management efforts. It helps leaders of organizations to identify opportunities for improvement based on their cybersecurity risks, needs, and objectives, as well as their larger organizational environment, relationships, and outcomes.
To help organizations use this tool and improve their cybersecurity performance, the Baldrige Program is hosting a Baldrige Cybersecurity Excellence Builder Workshop and panel session in conjunction with the 29th Annual Quest for Excellence Conference at the Baltimore Marriott Waterfront Hotel in Maryland on April 2 (workshop) and 3 (panel).
The program invites you and anyone concerned with and responsible for mission-driven, cybersecurity-related policy and operations in your organization to attend this interactive workshop. Attendees will learn how to use the Baldrige Cybersecurity Excellence Builder to better understand where their cybersecurity efforts are today and what they can look like in the future, as well as how to conduct a self-assessment of their cybersecurity programs.
Baldrige Director Robert Fangmeyer has written, “In our increasingly connected data-driven world, protecting data, information, and systems has become a basic necessity for organizations of all kinds and a critical national priority.” Baldrige Cybersecurity Excellence Builder and this workshop are designed to help organizations of all kinds start assessing their cyber risk now.
The Baldrige Cybersecurity Excellence Builder Workshop is available on a first-come, first-serve basis. Registration is now open with limited seating.
Registration is also now open for the 29th Annual Quest for Excellence Conference, which will feature the 2016 Baldrige Award recipients and many more national role models sharing their best practices.