|
I'm not an expert in IT security, but healthcare administration is my field of work. I agree that the healthcare organization should have had a backup in place, but the truth is that they likely had not thought of such a risk.
There are a myriad of reasons that healthcare organizations are more vulnerable than banks or Iphones.
First, I can't speak on Hollywood Presbyterian, but healthcare organizations have to make decisions on how to spend their money.
EHR (Electronic Health Record) systems can be very costly. Add on the software to make it interoperable throughout the system, the servers, etc. it racks up really fast.
With EHR, the honest truth is that security is not a high priority in terms of protecting from hacking. It often comes down to risk management. Healthcare organizations spend quite a lot to ensure that they are protecting PHI and maintaining HIPPA security regulations. The likelihood of violating HIPPA is huge.
Yet in terms of risk management, the threat of malware and hacking seems relatively low because of the fact that the healthcare information is not as financially useful as credit card information for identity theft. So why spend the money on ensuring protection against hacking when that money can be spent on starting up a telehealth unit or working on entering a health information exchange?
Furthermore, the use of EHR throughout an organization is relatively new. Doctors have generally resisted using EHR in the past due to numerous reasons. The healthcare field is still adjusting to the widespread use of technology throughout a system. I can bet that a large amount of organizations had not even assessed the possibility of having their EHR being locked and held for ransom as a risk.
TLDR: The healthcare industry evolves at the rate of molasses in comparison with other industries such as banking and tech firms. In general, IT security has not been high on their priority list. It will rise now.
|