A simple hack of the email accounts of two employees resulted in the breach of the data of over 190,000 HealthEquity customers, not for a day but for a whole month. In October 2018, the Singapore health system suffered a massive cyber-attack. In this attack, the attackers stole the non-medical personal data of over 1.5 million SingHealth patients. The breach also affected the healthcare data of the Prime Minister.

Healthcare systems are always a target of cyber-attacks, and the costs in terms of lost productivity of the hospital staff, massive disruption to the service, and damage to the reputation are extremely high. According to the Radware 2018-2019 Global Application and Network Security Report, on average, a healthcare organization spent $1.4 million to recover from a cyber-attack! The costs are real.

Why is the healthcare industry at risk of cyber-attacks?

Over the past decade, healthcare has been going through a massive digital transformation. The increasing use of technology, IoT devices, mobility, and the cloud has made the healthcare industry vulnerable to cyber-attacks. That apart, the industry has additional responsibilities to ensure the security and safety of patient data. Personal healthcare data is more valuable on the black market than financial records. Attackers encrypt medical records or simply hold them hostage until the hospitals meet their demands.

Here are some of the factors that are making the healthcare industry vulnerable to such cyber-attacks –

Technology Proliferation

The healthcare industry is also riding high on the digital transformation wave. The latest technologies such as cloud, mobility, AI, and IoT sensors and devices have already made a strong presence in hospitals. With real use-cases, these technologies help hospitals tremendously in optimizing their operations, increasing productivity, lowering healthcare costs, and improving patient care. However, they also make the systems more vulnerable. New malware attacks target multiple systems at the same time, making them harder to combat. With new applications of the Internet of Medical Things (IoMT), the attacks are likely to spread even wider unless hospitals are well prepared to prevent them.

Maturity of Attacks

Cybercriminals are becoming more and more sophisticated in their attacks. The volume of polymorphic attack vectors is also increasing at a massive speed. As healthcare data is extremely critical and is valued a lot more on the black market, the healthcare industry is prone to more attacks than other industries. At the same time, the maturity of cybersecurity in healthcare is still at a nascent stage.

Unauthorized Access

The healthcare industry relies heavily on instant access to data by multiple stakeholders across different departments. However, as the data is easily available through a central system, it becomes critical to have a stricter authorization control on the data access. The cases of “Privilege Abuse” and “Possession Abuse” are most common in the healthcare environment.

Skills Gap

The use of technology in healthcare is increasing rapidly. The hospitals are heavily depending on technology – not just in terms of computer systems but also connected devices, fitness monitors or advanced equipment like digital pacemakers. However, the opening of emails with malicious attachments, phishing emails, and viewing an advertisement containing malware are some of the most common causes of ransomware and other attacks and scams. In a healthcare environment, there are multiple stakeholders at different levels with different technology maturity – all accessing the data from their systems. But the chances of attacks are extremely high if the individuals are not adequately trained on using technology.

What can hospitals do to protect themselves from cybersecurity threats? 

Here are a few basic things which hospitals can do to ensure the safety and security of their systems and patient data –

  • Establish robust security standards and effectively integrate those across all interconnected systems
  • Identify vulnerabilities and threats in the network and systems and combat those through strict measures
  • Ensure that all the software applications that store or access the patient data are up-to-date and highly secure
  • Ensure stricter data access – restrict the access to healthcare information and apps to specific people and add an additional layer of protection through multi-factor authentication
  • Have rigorous training programs on security awareness for the entire staff – it is extremely important to get the staff buy-in
  • Allow system access only to authorized devices
  • Rely on cloud storage and backup
  • Ensure that all the vendors that hospitals work with are compliant

Ensure Safety and Security

As technology continues to take center stage in the healthcare environment and the complexity of healthcare services continues to increase, it is important that the hospitals start taking cybersecurity seriously. It needs to move much beyond simple compliance and become one of the top agenda items for hospital CIOs. Adoption of cutting-edge technology solutions to become smart hospitals needs to be supported with careful attention to cyber-hygiene along with excellent patient care. After all, these two things will need to work hand-in-hand.