In the wake of the recent COVID-19 pandemic, the healthcare industry faced a myriad of cybersecurity threats ranging from malware to denial of service (DDoS) attacks. These healthcare cybersecurity attacks disrupted the entire logistic system of patient care along with privacy and backend systems. Experts say that these attacks will be on the rise in the coming years and will impact the healthcare industry well into 2022 and beyond.
Reports suggest that healthcare cybersecurity attacks have increased by 150% in the US alone since the start of the COVID-19 pandemic. The FBI has also witnessed a considerable spike in the complaints in cybersecurity crimes, with over 3,000 to 4,000 complaints filed each day as compared to about 1,000 complaints filed during the pre-COVID era.
While the healthcare professionals were busy and overburdened with patients, the influx of such security incidents exposed the loopholes in the system. According to the 2020 HIMSS Cybersecurity Survey, 70% of hospitals (in the survey) experienced financial losses (20%), disruption of IT services (28%), data breaches (21%), and disruption in business functions (25%) as a result of phishing and malware attacks.
The average cost of the data breach within the healthcare industry was US$9.23 million – the highest in 2021, the eleventh year in a row, per Cost of a Data Breach Report 2021 by IBM.
It is clear that the healthcare sector is a highly vulnerable target for financially motivated cybersecurity criminals. But what can we learn from these attacks? Most importantly, how to identify such attacks to mitigate or prevent them in the future?
- Current cybersecurity challenges faced by the healthcare industry
- Ways to improve healthcare cybersecurity
- Conclusion
Current cybersecurity challenges faced by the healthcare industry
- Among the most common aspects of cybersecurity concerns is outdated IT security systems and infrastructure. In a recent cybersecurity attack on UVM Health Network in October 2020, around 5,000 network computers were infected and led to a system outage for more than 40 days. The hospital lost over US$1.5 million per day and the total losses are likely to exceed over US$ 63 million by the time this incident gets resolved.
- There has been a significant rise in cloud threats as an increasing amount of patient information is stored on the cloud these days. If the information is not encrypted properly, this can make it a prime threat for hackers.
- Insecure interconnected networks are most vulnerable to malware attacks. Hackers can shut down an entire network of computers or devices within minutes and then often demand ransom.
- Phishing attacks via emails in the form of malicious links pose a serious threat to patient information, and hackers can easily capitalize on such information. In several cases, wearable technology linked with an insecure network connection is easy to be tampered with.
- Misleading websites with similar addresses to reputable healthcare sites often fool users into giving out their information, further jeopardizing the patient’s health and privacy.
- Failure of compliance by healthcare employees can also lead to misuse of information by cybercriminals.
- Encryption blind spots are created when cyber criminals use encryption as a means of hiding tools for data breaches.
- A vast number of medical devices such as pacemakers connected to the internet make it easier for cybercriminals to interrupt or disable such systems. It is easy to tamper with data to manipulate prescriptions, lab results and prevent patients from getting immediate treatment in some cases.
Ways to improve healthcare cybersecurity
Healthcare cybersecurity breaches can be very expensive for medical organizations. A lot of hospitals are unable to allot the budget for IT infrastructure and security systems. Others simply can not afford the recovery cost of such cybercrime incidents.
However, there are ways to prevent such incidents and quickly regain data in the event of cybercrime. We have enlisted some strategies that can help the medical organization improve their cybersecurity –
1. Prioritize the defenses
Most of these cyberattacks start with a human – by clicking a malicious link or logging in with a weak password. Healthcare organizations need to up their game and prioritize their defenses against ransomware and malware. Ransomware can infect a large network of interconnected computers in just one click. Hospitals need to analyze their IT infrastructure and bolster cybersecurity with a strategy that best fits them.
2. Implement cybersecurity awareness among employees
Organizations should train their employees by proactively spreading awareness on such cybersecurity concerns and conducting basic training sessions. This can prepare employees as the last line of defense against such happenings. The employees should be encouraged to adhere to regulatory and compliance requirements, use strong passwords and filter spam before downloading attachments. The emphasis should be on creating a culture of security within the organization.
3. Protect any medical or connected devices
An increasing number of medical devices are linked with the internet today. Apart from that, employees also use mobile devices, tablets, and wearable technologies that may contain sensitive patient information. It is important to ensure that these devices are encrypted to keep the information secure.
4. Install a good firewall
Firewalls protect against online cyberattacks by shielding your devices from unwanted network traffic or malicious attacks. It is important to install a firewall in devices that are usually connected to the internet.
5. Maintain good IT habits
Healthcare organizations have started taking the initiative to train their employees and get them acquainted with best computer practices. However, it is usually done once a year. Such security training should take place more often. Especially, new employees should be taught how to identify such threats and follow security procedures while working on computers. Make sure that all employees adhere and adapt to good online habits.
6. Safeguard the cloud-based systems
Several tools can help organizations detect unsafe files and guard cloud systems against data theft and third-party attacks. If you store a large volume of patient data on the cloud, get yourself the best cloud security tool.
7. Access to healthcare information
Make sure that access to healthcare information is protected and only given to those who need it. The unnecessary access should be restricted by only selecting a few employees with admin privileges.
8. Change your passwords regularly
Simply selecting a strong password is not enough. It is important to keep changing the passwords regularly to prevent incidents from being stolen. Reports suggest that most security breaches take advantage of weak or stolen passwords. Also, employees should be encouraged to report any incidences of credential thefts as soon as possible.
9. Limit physical access
If a physical device is stolen, it makes the data breach imminent. Therefore, caution must be paid while using such devices that contain sensitive information. They should be stored in locked or secured rooms.
10. Control network access
It is important that employees follow safe email practices and refrain from downloading any new software or applications without prior permission from organizational authorities. They should know to filter email attachments before downloading them on connected devices. Authentication protocols must be put in place to catch domains that mimic trusted sites. Many cyberattacks can be prevented when employees do not get tricked into clicking on phishing links.
11. Install anti-virus software
There are many quality anti-virus software that can stop malware attacks and find viruses that may potentially damage your systems. Just installing them won’t do the job. It is also important to update them from time to time so that your healthcare organizations receive the utmost protection from emerging threats as well.
12. Plan for the worst
We live in an age where cyberattacks can leave the essential healthcare systems in limbo for hours or even days. In the event of such an attack, the top priority of any organization is to restore data as soon as possible. While recovering from such attacks may take a lot of time, it is important to take the necessary steps to back the data up from the main server as much as possible. Back up important files to be able to restore the patient data. Put strong protocols in place to prevent such incidents from taking place.
Conclusion
With this, we are at the end of the blog on healthcare cybersecurity. We hope that you are now better equipped with the concept. With the increase in cyber attacks all across the world in various industries, now would be a great time to enter the field of cybersecurity. If you wish to upskill, you can enrol with the Advanced Cybersecurity Program and accelerate your career in Cybersecurity.