Cyber-attacks in the healthcare sector are growing not only in frequency but also in success rates. It’s hard to imagine who could be so cruel as to attack healthcare administrators, but threat actors are becoming more ruthless.
“It’s hard to imagine anything more cynical than holding a hospital to ransom, but that is exactly what’s happening with growing frequency. The healthcare sector is a popular target for cybercriminals. Unscrupulous attackers want data they can sell or use for blackmail, but their actions are putting lives at risk. A cyberattack on healthcare is more than an attack on computers. It is an attack on vulnerable people and the people who are involved in their care; this is well illustrated by the breadth of healthcare organizations, from hospitals to mental health facilities to pharmaceutical companies and diagnostic centres, targeted between June 2020 and September 2021.” (World Economic Forum).
The results of these attacks, which have grown in prevalence, are substantial.
“Over 10 million records have been stolen, of every type, including social security numbers, patient medical records, financial data, HIV test results and private details of medical donors. On average, 155,000 records are breached during an attack on the sector, and the number can be far higher, with some incidents reporting the breach of over 3 million records.” (World Economic Forum).
Ransomware attacks have had significant impacts on healthcare systems and procedures.
“Ransomware attacks on the sector, where threat actors lock IT systems and demand payment to unlock them, have a direct impact on people. Patient care services are particularly vulnerable; their high dependence on technology combined with the critical nature of their daily operations means that ransomware attacks endanger lives. Imagine being in an ambulance that is diverted because a cyberattack has caused chaos at your local emergency department. This is not a hypothetical situation. We found that 15% of ransomware attacks led to patients being redirected to other facilities, 20% caused appointment cancellations, and some services were disrupted for nearly four months.” (World Economic Forum).
Progress needs to be made in cyber-security in the healthcare sector to prevent these kinds of debilitating attacks.
“Software and security tools need to be secure by design. This means putting security considerations at the centre of the product, from the very beginning. Too often security options are added as a final step, which means they paper over inherent weaknesses and loopholes.” (World Economic Forum). “Healthcare organizations should also do more, particularly increasing their investment in cybersecurity to secure infrastructure, patch vulnerabilities and update systems, as well as building and maintaining the required level of cybersecurity awareness-raising and training of staff. Healthcare organizations also need to commit to due diligence and standard rules of incident handling.”
The responsibility lies not only with healthcare organizations but also with lawmakers.
“Governments must enforce existing laws and norms of behavior to crack down on threat actors. They should cooperate with each other to ensure that these laws are put into operation in order to tackle criminals that operate without borders. More should be done to technically attribute cyberattacks to identify which actors have carried out and/or enabled the attack.” (World Economic Forum).
Security Magazine outlines some steps healthcare organizations should take to improve their cyber-security.
“The first step is deceptively simple: Where are your vulnerabilities? Yes, it’s straightforward, and it’s usually easy to take this first step. The challenge is that many people stop here.” (Security Magazine).
Long-term plans and prevention methods should be the goal.
“Think about implementing countermeasures over a span of days and weeks, not months and years. But how? And with whom? If cybersecurity isn’t your organization’s forte, it’s worth partnering with an experienced vendor.” (Security Magazine).
Additionally, cyber-security should be a priority indefinitely.
“There’s no “set and forget” for cybersecurity programs. Cyber threats change by the minute. Do you have in-house resources to monitor and respond to every escalation of privileges? Or can you review every modification of an important file? If not, having a managed service partner just a phone call away — with the ability to show up on-site if needed — takes the pressure off of an organization.” (Security Magazine).
Have any questions about cyber-security? Responsive Technology Partners is the leading cyber-security expert in the Athens, Metter, Milledgeville, Vidalia, and Atlanta, Georgia areas. We also have locations in Tampa, Florida; Roanoke, Virginia; and Raleigh, South Carolina. Service offerings include I.T. support, cyber-security and compliance, telephony, cloud services, cabling, access control, and camera systems. Our company’s mission is to provide world-class customer service through industry-leading I.T. solutions that make every customer feel as if they are our only customer. Please visit our website to learn more: https://www.responsivetechnologypartners.com/.
Sources:
Stephane Duguin. World Economic Forum. “If healthcare doesn't strengthen its cybersecurity, it could soon be in critical condition” Nov. 8, 2021. https://www.weforum.org/agenda/2021/11/healthcare-cybersecurity/
Jay Abdallah. Security Magazine. “A 3-step approach for healthcare organizations to elevate cybersecurity” Nov. 10, 2021. https://www.securitymagazine.com/articles/96494-a-3-step-approach-for-healthcare-organizations-to-elevate-cybersecurity