Nick Biernat, Manager of Information Services and Compliance of HealthChampion recently shared his insights with Business Insider Intelligence. Here’s what the pros are saying:

What’s the biggest contributor to the poor state of cybersecurity in healthcare?

Currently the biggest contributor to the poor state of cybersecurity in healthcare is a lack of awareness and training. According to the 2018 Verizon Data Breach Investigations Report phishing and financial pretexting — obtaining financial information under false pretenses — represented 93 percent of all breaches investigated by Verizon, with email being the main entry point at 96%. Well over 90% of successful attacks against healthcare providers involve exploiting people in some form to reveal sensitive information, and therefore the most effective way of preventing an attack is to invest in a comprehensive and periodic training program for staff. The days of disgruntled high school kids playing pranks are gone and online criminals are sophisticated and well equipped.

What, if anything, can healthcare stakeholders do to boost their organizations’ cybersecurity efforts?

Many online attacks begin with automation, that is, a smart bot or computer running a series of commands to attack systems via various means such as email and web. Enabling Multi-factor authentication for all user accounts is hands down the cheapest, quickest and most simple way to immediately decimate a criminal’s chances of exploiting healthcare systems. Multi-factor authentication – or MFA for short – requires a user to have username and password (something they know) paired with a separate authentication code that is sent to their mobile device. By forcing users to approve each sign-on, an attacker who successfully steals usernames and passwords has them rendered useless. According to Microsoft’s Security Blog 99.9% of attacks can be prevented using MFA.