While hospitals remain focused on restoring health to their patients, they must not let their defenses down when it comes to robust cybersecurity practice that safeguards their patients’ information.
In 2019, hospitals have grown more vulnerable to cyberattacks than any other type of organization. Outdated data systems, lack of experienced personnel, highly valuable data and the enticing prospect of ransoms paid for patient data are drawing cybercriminals to the health care market in record numbers. Ransomware attacks on health care organizations are predicted to quadruple between 2017 and 2020, growing fivefold by 2021.
It can be daunting to comply with regulations under HIPAA and other mandates governing Protected Health Information (PHI) in the time-sensitive environment of treating serious injuries and disease. It’s equally challenging to build defenses against cyberattacks that grow increasingly sophisticated, with a more compelling profit motive. Personal health information is 50 times more valuable on the black market than financial information, and stolen patient health records can fetch upwards of $60 per record. That’s up to 20 times more than credit card information.
With rapidly shifting regulations and mounting demands on organizations, determining which policies to implement, and when, can tax resources in terms of both money and time. For example, should hospitals require two-factor authentication each time an emergency room physician logs in to medical records, when time is of the essence? Weak and shared passwords may be easy to remember, but do they have a hidden cost? These security practices, plus vulnerabilities in code, expose hospitals to perpetrators intent on hacking troves of patient data.
It’s critical for hospitals to focus attention and resources on strengthening cybersecurity and calibrating their controls with compliance.