It’s no surprise to anyone within healthcare that the industry is ripe for hackers.
In the second quarter of 2017, 26 percent of all observed cyberthreats were directed at healthcare organizations, making it the industry with the single highest volume of attacks (source: McAfee Labs research).
Healthcare began trending as an industry to attack in 2016 when hospitals around the world fell prey to ransomware attacks like WannaCry and NotPetya. Not only did these targets lose electronic access to systems and data; in some cases, the hospitals also had to transfer patients and postpone surgeries.
What makes healthcare a desirable target?
While some healthcare data breaches are the result of accidental disclosures and human error, it is projected that significant security incidents will continue to grow in number, complexity, and impact. In the 2018 HIMSS Cybersecurity Survey, 75.5% of respondents indicated that their organizations experienced a significant security incident in the past 12 months.
“Whether physical or digital, data breaches in healthcare highlight the value of the sensitive personal information organizations in the sector possess,” said Vincent Weafer, Vice President for McAfee Labs. “They also reinforce the need for stronger corporate security policies that work to ensure the safe handling of that information.”
What are the specific vulnerabilities?
1. Scale. It’s no secret that the healthcare industry holds a massive amount of data. From financial data to protected health information, systems across the board use a huge cache of information that hackers target.
2. Reliance on technology. Hospitals and facilities around the world rely heavily on overlapping systems, connected devices, digital touchpoints, and data in transit. Together they are a treasure trove of points of attack.
3. Little room to negotiate. With patient health on the line, administrators have almost no wiggle room, and hackers take advantage of that vulnerability.
What changes are necessary in the industry?
David Wagner, president and chief executive officer of Zix, has over 25 years of experience in the IT industry. He offers three suggestions for making a healthcare cybersecurity strategy affordable, powerful, convenient, and forward-focused:
1. Implement multiple layers of security. A multilayered strategy includes good governance — such as systematically patching systems to account for both known and unknown vulnerabilities and frequently backing up systems — and getting rid of legacy systems that introduce greater vulnerabilities.
2. Provide rigorous employee training. Focus on training all staff levels on the policies and practices being followed, any red flags to be aware of, and how to report suspicious activity.
3. Focus on the weakest points. Organizations need to ensure that messages are scanned to detect and defend against inbound threats and automatic encryption is used to protect outbound communication.
Within healthcare, IT security is a bit behind the rest of the world for a variety of reasons. The bottom line is that cybersecurity isn’t given enough attention. Cybersecurity in healthcare is definitely in catch-up mode, and professionals are looking at other industries to see what they’ve done to protect themselves and what lessons have been learned.
For enterprise solutions or technology consulting, connect with Cyber Solutions Technologies, which specializes in cybersecurity, systems integration, engineering development and product support, and technology incorporating software-based multifactor authentication (MFA). Contact Cyber Solutions Technologies for a consultation today.