Why Senior Living Providers Need to Get Serious About Cybersecurity
Large-scale cybersecurity attacks have become commonplace in news headlines in recent years. However, it isn’t only large companies like Sony and Uber that experience these attacks. In fact, according to Accenture’s Cost of Cybercrime Study, 43% of cyber attacks are aimed at small and medium-sized businesses. Further, Accenture estimates that only 14% are adequately prepared to defend themselves.
Most concerning is that according to Ponemon Institute’s State of Cybersecurity Report, 66% of small to medium-sized businesses around the globe experienced a cyber attack in the past 12 months. Oftentimes, businesses are not even aware that their customer data has been compromised.
Senior Living is no exception and attackers have been targeting providers. The consequences of an attack can be severe. Litigation costs and damages often range in the millions. Furthermore, attacks can be incredibly damaging to a senior living provider’s brand and reputation.
So what can senior living companies do to protect themselves?
Choose their vendors wisely.
Recent attacks on senior living operators have been largely through their vendor relationships, often software vendors. One of the most impactful actions Senior Living companies can take is to incorporate cybersecurity into their vendor selection and review process.
During the evaluation process, Senior Living companies at a minimum need to ensure that their software vendors have adequate cybersecurity insurance coverage. 83% of small and medium-sized businesses are not financially prepared to recover from a cyber attack. A small software vendor will not have the financial resources to make providers whole in the event an attack occurs. Guarantee protection by ensuring software vendor partners have adequate coverage.
However, to be most confident that company data is secure, only work with vendors that are SOC 2 Compliant. SOC 2 is the gold standard of security for software companies.
SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should securely manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. Achieving SOC 2 compliance requires a rigorous third-party review, the outcome of which is a SOC 2 report. A SOC 2 report proves a client’s data is protected and kept private from unauthorized users.
Icon is a leader in data security.
We take data security very seriously. Because we want to give our customers peace of mind that their critical data is protected and secured, we invest in our security and are a SOC 2 Compliant organization. To learn more about what this means,