Why healthcare organizations must take cyber security more seriously
Why healthcare organizations must take cyber security more seriously
September 28, 2021 Comments Off on Why healthcare organizations must take cyber security more seriously Technology Kishore PendyalaSponsored
Why healthcare organizations must take cybersecurity more seriously
While the pandemic inspired incredible demonstrations of cooperation and compassion, evil actors took use of the situation for personal gain, as with every disaster. While hospital employees set up field hospitals in parking lots and clinicians risked their lives to combat the terrifying virus, hackers, ransom ware gangs, and financial con artists redoubled their efforts to steal sensitive patient information.
According to my company’s study, the number of reported hacking incidents in healthcare increased for the fifth year in a row in 2020, increasing 42 percent. Last year, hacking events accounted for more than half of all patient data breaches (62%) — an increase from 2019.
Healthcare hacking attacks were particularly brutal in 2020, according to the Wall Street Journal (paywall), with data from the US Department of Health and Human Services showing “that nearly every month last year, more than 1 million people were affected by data breaches at health-care organizations.” These alarming figures show how hackers targeted healthcare organizations during the pandemic, but considering how Covid-19 overburdened healthcare organizations’ limited resources, a large number of data breaches may have gone undetected.
The FBI, the Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services (HHS) issued a joint advisory warning of “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers” in response to a recent surge in cyberattacks on healthcare organizations. At the same time, due to the Delta version, many hospitals are experiencing surge capacity once again, making cybersecurity more vital than ever.
THE STATE OF CYBER SECURITY IN HEALTHCARE
In a report to Congress in 2017, the HHS-created Health Care Industry Cybersecurity (HCIC) Task Force claimed that healthcare cybersecurity is in “critical condition.” The Task Force’s assessment is still valid four years later. Since the outbreak of the COVID-19 pandemic, the number of ransomware assaults has risen dramatically across all industries, with healthcare being disproportionately targeted. According to the HIMSS 2020 Cybersecurity Survey, 70% of hospitals questioned had encountered a “major security incident” in the previous 12 months, including phishing and ransomware attacks that resulted in the loss of data.
Healthcare businesses are an appealing target
Healthcare businesses are an appealing target for financially motivated threat actors due to their large attack surfaces, which make it relatively easy for hackers to uncover vulnerabilities and profit from their exploitation. The HITECH Act, passed in 2009, encouraged investments in health information technology to improve the United States’ healthcare system, resulting in unparalleled connectivity and increased use of medical devices. Electronic Health Record systems, which connect medical devices with other applications to create a more holistic picture of patient well-being, are now at the center of the healthcare industry. Furthermore, the average number of networked medical devices per hospital bed in the United States is 10 to 15, implying that large healthcare organizations confront the mammoth challenge of protecting tens of thousands of medical devices, many of which are quite trivial to hack. The digitization of healthcare infrastructure accelerated important advances in patient care while also opening up new attack vectors. A single exposed asset might give a threat actor access to the company and jeopardize patient data and medical services’ confidentiality, integrity, and availability.
Protected health information(PHI), on the other hand, is significantly more profitable than credit card information. Depending on the thoroughness of the stolen medical records, criminals can make anywhere from $10 to $1,000. Healthcare businesses are an appealing target for threat actors due to their vast attack surface and strong financial incentives.
Cyber Security
To make matters worse, many healthcare companies place a low priority on cybersecurity due to competing goals and limited resources. Due to restricted and stagnant IT budgets, “cybersecurity professionals may not necessarily have access to the security solutions and other resources they require to fully secure the environment,” according to the 2020 HIMMS Cybersecurity Survey.Furthermore, researchers discovered that the average healthcare business spends approximately 5% of its IT budget on cybersecurity, with the remainder going toward new technology adoption. Worryingly, this means that businesses are increasing their attack surface despite the fact that they lack the capabilities to appropriately safeguard their digital assets.
As a result, the healthcare business has lagged behind many other industries in terms of detecting, preventing, and mitigating cyberattacks. Healthcare businesses, for example, take an average of 236 days to detect a data breach and 93 days to mitigate the harm, compared to 207 days to identify and 73 days to confine an assault in the industry. Healthcare organizations that have been harmed by cyberattacks have paid a high price to mitigate the threat as a result of their failure to invest proactively in cybersecurity. The healthcare business had the greatest cost of a data breach for the eleventh year in a row, with an average cost of $9.23 million in 2021, according to IBM’s Cost of a Data Breach Report. Although studies have shown that proactive investments in cybersecurity lead to long-term savings, healthcare administrators may find it difficult to justify cybersecurity spending when faced with other pressing priorities, such as staffing increases to meet the demands of a once-in-a-generation pandemic.
THE FUTURE DIRECTION
The US healthcare system is in dire condition, with an ever-increasing attack surface, compelling financial incentives for attackers, and under-budgeted, poor cybersecurity operations. To strengthen the healthcare business and protect the nation’s essential infrastructure, public-private collaborations and increased investments in healthcare cybersecurity will be critical.
Cyber hygiene must be seen as a basic and important component of a functioning medical system, much as handwashing is in modern medicine. Healthcare systems are now extremely vulnerable to cyberattacks, and opportunistic threat actors are increasingly using the industry’s weak security posture to steal patient data and disrupt critical medical systems. With the confidentiality, integrity, and availability of patient data, medical equipment, and entire healthcare systems on the line, healthcare businesses must adopt a new mindset, prioritizing cybersecurity and investing in security solutions ahead of time.
Policymakers can encourage proactive behavior by offering matching funding to groups that want to engage in risk-based planning and bring their practices up to state and federal standards. Furthermore, legislators can simplify and enhance the regulatory framework for healthcare security in order to produce a more unified and complete set of standards that healthcare businesses can navigate simply. In the event of a significant cyber incident, federal agencies must continue to engage with healthcare industry partners to establish comprehensive contingency plans.
In the end, though, whether corporations are willing to make large expenditures in cybersecurity will determine the fate of healthcare security. If the healthcare industry wants to make a difference in cybersecurity, leaders must start treating digital assets like patients. To prevent cyberattacks, responsible healthcare organizations must address vulnerabilities in their digital infrastructure, much as a responsible healthcare professional attempts to discover and treat patients’ underlying chronic problems before they cause a catastrophic medical emergency. After all, viruses may infect even computers.
We at KPi-Tech prioritize the client’s needs over anything. Our expert cybersecurity services team has been providing reliable services in the global market for years. We respond to finite details of our customers to offer impeccable solutions.