Are there Holes in Healthcare Cybersecurity?

October is Cybersecurity Awareness Month - Are there Holes in Healthcare Cybersecurity? | Integrated Security Technologies

Are there Holes in Healthcare Cybersecurity?

October is Cybersecurity Awareness Month

What draws ten times more money on the black market than personal information stolen from credit cards? Healthcare records. It’s no surprise then that 41% of cybersecurity breaches were targeted towards the healthcare industry last year. Broken down, the data shows that healthcare organizations suffered a disproportionate 32,000 attacks per day per organization. This is compared to 14,300 per day per organization sustained by other industries, and makes healthcare the most vulnerable industry, with five times more total breaches than other industries.

The healthcare industry is the second biggest industry in the U.S., and as its professionals try to enhance patient care and navigate changing regulatory landscapes, healthcare cybersecurity is often relegated to the back burner. What makes this situation particularly disturbing is that the healthcare industry has the most to lose from these types of attacks; in addition to the monetary losses, cyber attacks targeting medical devices can become a real matter of life and death.

This issue is further compounded by the fact that the average healthcare cybersecurity budget is only about half that of other industries, and employees may be motivated by money to share sensitive information. A recent Accenture study revealed that “18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000.”

What’s at Risk?

These attacks threaten patient’s identities and financial well-being – and they can also affect their health. In 2016, hackers targeted the large Maryland-based healthcare system, MedStar Health, with ransomware. MedStar had to shut off its email and patient record database. Even more ominous, it couldn’t provide radiation treatments to patients for several days, a potentially life threatening situation.

Criminals can access other IoMT (Internet of Medical Things) devices connected to a network, including medical lasers, X-ray and MRI machines, ventilators, pacemakers, electric wheelchairs and other critical equipment. Since these devices are comprised of various parts and software from a number of different companies that may not focus on security, they are especially at risk. Hackers can even target specific individuals, as was the case of former U.S. VP Dick Cheney, who received threats warning of an attack on his pacemaker. His doctors had to disable the device.

How Are Criminals Breaching the Networks?

Many hackers use emails to access healthcare networks:

Smart Healthcare Cybersecurity Solutions

To counteract these threats, those in the healthcare industry can take several steps. By viewing every identity as they would a physical security perimeter, they can focus on validating every access request on every device, verifying the identify of every user and limiting access and privilege. On the network front, healthcare organizations must secure their networks and extend this to the cloud. Any sensitive information that is sent must also be encrypted. Additionally, organizations can implement machine learning to monitor user behavior patterns and spot anomalies that reveal hacker behavior.

Healthcare organizations must also move faster and provide more thorough software patches and updates. They can deploy threat intelligence and automation as well as offer critical cyber-awareness training to employees to help them manage email, social media and other entry points.

If you’re a healthcare professional and would like to learn about how to better secure your data, you can read more here.