CHICAGO — The health care industry was the victim of 88 percent of all ransomware attacks in 2016, according to a report from Solutionary.

It's no surprise that RSNA decided to make cybersecurity one of the main themes of the annual meeting.

“The threat is out there and what we can do best is to stay ahead of the curve," Lee Kim, director of privacy and security at HIMSS North America, told a room of radiologists last Tuesday.

The annual HIMSS cybersecurity survey found that 80 percent of the health care providers conducted cybersecurity awareness training once per year. Kim believes that the training needs to be done more frequently in order for it to be effective.

There are also a number of negligent things that physicians, nurses, technicians and anyone else with IT access can do to break the security of the systems within the hospital.

“It’s these easy things that we don’t necessarily think about all of the time, such as default credentials to get into our systems and easy user names and passwords to get into our radiology systems," said Kim. "That’s something that you always want to keep in mind.”

Malicious insiders such as high-level employees that got terminated are also a major threat. If they have administrative access to the systems, they could set off things like logic bombs that intentionally corrupt information.

Kim recommends that hospitals only grant employees access to what they need since not everyone requires administrative rights to bypass firewalls, redirect traffic, and install software.

Hospitals should also guard themselves against external threats. These types of attackers can get in through web servers and software that the IT department may be running, or even end-user applications and web browsers.

“I would highly recommend that you are behind [virtual private networks] and have some security measures in place," Kim added.

Health IT Homepage