Healthcare Industry Reports Unprecedented Spike in cyberattacks this year
Technology plays a crucial role in the operation of today’s healthcare service organization. Many hospitals are increasing use of modern technologies like mobile computing and cloud services to improve care delivery, resulting in far-reaching impact for doctors and administrators. At the same time, the current COVID-19 pandemic has disrupted almost every aspect of life. The situation has accelerated the adoption of virtual care to stay relevant during the pandemic. However, the recent incorporation of technology has resulted in increased frequency and sophistication of data breaches in hospitals. The industry is now among the areas most targeted by cyberattacks globally.
Increased Growth of Healthcare Technology
Today, technologies like telemedicine, artificial intelligence (AI)-enabled medical equipment, and blockchain electronic health records are concrete examples of digital transformation in the healthcare sector. The entire global medical technology industry’s market size is approximating half a trillion U.S. dollars. Three years ago, 94 percent of hospitals leveraged their electronic health record system data to perform hospital processes that inform clinical practice. Additionally, 82 percent of the respondents use the data for supporting quality improvement, while 81 percent utilize it to monitor patient safety. Sixty percent of healthcare organizations have already introduced the Internet of Things (IoT) into their facilities. Overall, digital transformation in the healthcare industry provides improved coordination and better data analytics, which potentially saves lives. Mobile computing and cloud services, for instance, makes it possible for stakeholders to access patient data, order prescriptions, monitor patients’ health, and deliver remote diagnoses.
Cybersecurity Threats in Healthcare
The healthcare sector faces large cyber risks because of inherent weaknesses in the industry’s security posture. Hackers consider hospitals to be a soft target due to the vulnerabilities in healthcare systems. They also find it attractive to steal valuable personal data. Malicious network traffic affects 72 percent of all healthcare service providers. Other security threats in the sector include phishing and outdated operating systems. Some healthcare facilities use older operating systems versions that are vulnerable due to known security exploits. Besides, healthcare workers are not updating their systems in a timely way. Study shows that 83 percent of healthcare systems are running on outdated software and unsupported operating systems, such as Windows 7, leaving endpoints vulnerable to cybercriminals. Research revealed that 27 percent of medical devices are still running Windows XP or decommissioned versions of Linux operating systems. Apart from running outdated operating systems, a wide range of healthcare equipment and tools have security issues. Today, 16 percent of imaging systems are at 51 percent risk of getting hacked. Also, there is a 26 percent chance that criminals will hack 14 percent of patient monitoring tools. Other prevalent cybersecurity threats in the healthcare sector today include:
- Man-in-the-middle attacks
- Configuration vulnerabilities
- Sideloaded apps
- Unwanted and vulnerable apps
- Third-party risks
Healthcare Cybersecurity Posture During COVID-19 Pandemic
Due to COVID-19 outbreak, the healthcare sector is using patient monitoring devices and e-health platforms more than ever. The current coronavirus pandemic is fueling cybersecurity threats as hackers ramp up ransomware and healthcare infrastructure attacks. A recent report shows that COVID-19 have sparked 72 percent ransomware growth and 50 percent mobile vulnerabilities. Experts have predicted more than 20,000 new vulnerability reports this year, shattering previous records. With many people working from home, organizations have expanded their network perimeters to accommodate remote work. However, this move has resulted in weak security controls. At the same time, healthcare providers are prioritizing coronavirus response activities without placing cybersecurity as a top priority.
Impact of Increased Cybersecurity Threats in Healthcare
Cyber threats in the healthcare sector affect patients’ privacy. The information cybercriminals access through a data breach consists of private details such as names, date of birth, insurance and health provider information, and a person’s genetic and health information which is considered protected health information (PHI). Loss of such data to hackers causes psychological harm to victims. In some cases, cybercriminals can use the information to steal victims’ identities and access bank accounts. Apart from individual impacts, healthcare cyber threats can impede hospital operations. For instance, the WannaCry Ransomware attacks in 2017 delayed treatment plans and rerouted incoming ambulances since hospitals lost access to critical information systems. In addition to the operational delays, the healthcare sector faces financial consequences due to cyberattacks. Such losses have long-term detrimental effects on the reputation and revenue of organizations. Cyberattacks can result in a patient’s death. The stakes are now a lot higher than defaced websites of stolen sensitive information. Cybersecurity threats can directly or indirectly result in death. A few weeks ago, a patient died after ransomware hackers hit a German hospital. The patient who was scheduled to undergo critical care at a hospital lost her life as she was being transferred 19 miles away to another facility after hackers disabled systems.
Responding to the Increasing Cybersecurity Threats in Healthcare
Rising cybersecurity threats to healthcare require policymakers to review the currently fragmented governance. They should develop, improve, and implement reliable security standards. Healthcare providers should improve their cybersecurity resilience. Organizations should identify the flaws that sit within professional and personal devices workers use while in office or working remotely. Healthcare facilities should also model their network infrastructure to proactively defend against all known threat actors, externally and internally. The healthcare industry should incorporate accurate, up-to-date threat intelligence in vulnerability management strategies to act on the new threat landscape during the current COVID-19 pandemic. The sector should invest in expertise and tools that discover, prioritize, mitigate, and remediate threats continually. Hospitals and other care providers should develop policies outlining requirements for using new technologies. They should improve access controls to allow granular access based on a user’s need. Providers need to implement endpoint protection across all devices.