BLUF - Bottom Line Up Front
Cyberattacks on healthcare have risen dramatically, driven by the adoption of digital technology like telemedicine and cloud services. Vulnerabilities in outdated systems and increased remote work due to COVID-19 expose patient data to risks. Cyber threats impact patient privacy, disrupt operations, and can lead to financial losses and even patient deaths. To combat these, healthcare organizations should strengthen cybersecurity measures, update systems, enhance threat intelligence, and implement robust access controls and endpoint protection.
Healthcare Industry Reports Unprecedented Spike in cyberattacks this year.
Technology plays a crucial role in today’s healthcare service organizations. The integration of modern technologies, such as mobile computing and cloud services, has ushered in a new era of healthcare delivery with profound implications for medical professionals and administrators alike. However, amidst these transformative advancements, it’s essential to acknowledge the lurking presence of Cybersecurity Threats in Healthcare.
The ongoing COVID-19 pandemic has left an indelible mark on nearly every facet of our lives. It has acted as a catalyst in healthcare, expediting the adoption of virtual care solutions. Yet, this accelerated transition to digital platforms has brought a heightened vulnerability to cybersecurity threats, making it imperative for healthcare organizations to safeguard patient data and uphold the integrity of their operations.
However, the recent incorporation of technology has increased the frequency and sophistication of hospital data breaches. The industry is now among the areas most targeted by cyberattacks globally.
Increased Growth of Healthcare Technology
Today, technologies like telemedicine, artificial intelligence (AI)-)-enabled medical equipment and blockchain electronic health records are concrete examples of digital transformation in the healthcare sector.
The entire global medical technology industry’s market size is approximating half a trillion U.S. dollars. Three years ago, 94 percent of hospitals leveraged their electronic health record system data to perform hospital processes that inform clinical practice. Additionally, 82 percent of the respondents use the data for supporting quality improvement, while 81 percent utilize it to monitor patient safety. Sixty percent of healthcare organizations have already introduced the Internet of Things (IoT) into their facilities.
Overall, the ongoing digital transformation in the healthcare industry promises a future of improved coordination, enhanced data analytics, and the potential to save lives. Innovations such as mobile computing and cloud services have ushered in a new era where stakeholders can seamlessly access patient data, facilitate prescription orders, monitor individuals’ health remotely, and even provide remote diagnoses. However, within this landscape of innovation and progress, addressing the looming specter of Cybersecurity Threats in Healthcare is crucial.
While these technological advancements hold immense promise, they also introduce vulnerabilities that can compromise the security of patient data and the integrity of healthcare operations. As healthcare organizations leverage digital tools to improve patient care, they must remain vigilant in the face of evolving cybersecurity threats that seek to exploit weaknesses in their systems and potentially jeopardize the health and privacy of patients. Balancing the benefits of digital transformation with robust cybersecurity measures is paramount in this ever-evolving healthcare landscape.
Cybersecurity Threats in Healthcare
The healthcare sector faces large cyber risks because of inherent weaknesses in the industry’s security posture. Hackers consider hospitals a soft target due to the vulnerabilities in healthcare systems. They also find it attractive to steal valuable personal data.
Malicious network traffic affects 72 percent of all healthcare service providers. Other security threats in the sector include phishing and outdated operating systems. Some healthcare facilities use older operating system versions that are vulnerable due to known security exploits. Besides, healthcare workers are not updating their systems in a timely way. Study shows that 83 percent of healthcare systems are running on outdated software and unsupported operating systems, such as Windows 7, leaving endpoints vulnerable to cybercriminals. Research revealed that 27 percent of medical devices are still running Windows XP or decommissioned versions of Linux operating systems.
Apart from running outdated operating systems, a wide range of healthcare equipment and tools have security issues. Today, 16 percent of imaging systems are at 51 percent risk of getting hacked. Also, there is a 26 percent chance that criminals will hack 14 percent of patient monitoring tools.
Other prevalent cybersecurity threats in the healthcare sector today include:
- Man-in-the-middle attacks
- Malware
- Configuration vulnerabilities
- Sideloaded apps
- Unwanted and vulnerable apps
- Cryptojacking
- Third-party risks
Healthcare Cybersecurity Posture During COVID-19 Pandemic
Due to COVID-19 outbreak, the healthcare sector is using patient monitoring devices and e-health platforms more than ever.
The current coronavirus pandemic is fueling cybersecurity threats as hackers ramp up ransomware and healthcare infrastructure attacks. A recent report shows that COVID-19 have sparked 72 percent ransomware growth and 50 percent mobile vulnerabilities. Experts have predicted more than 20,000 new vulnerability reports this year, shattering previous records.
With many people working from home, organizations have expanded their network perimeters to accommodate remote work. However, this move has resulted in weak security controls. At the same time, healthcare providers are prioritizing coronavirus response activities without placing cybersecurity as a top priority.
Impact of Increased Cybersecurity Threats in Healthcare
Cyber threats in the healthcare sector affect patients’ privacy. The information cybercriminals access through a data breach consists of private details such as names, date of birth, insurance and health provider information, and a person’s genetic and health information which is considered protected health information (PHI). Loss of such data to hackers causes psychological harm to victims. In some cases, cybercriminals can use the information to steal victims’ identities and access bank accounts.
Apart from individual impacts, healthcare cyber threats can impede hospital operations. For instance, the WannaCry Ransomware attacks in 2017 delayed treatment plans and rerouted incoming ambulances since hospitals lost access to critical information systems.
In addition to the operational delays, the healthcare sector faces financial consequences due to cyberattacks. Such losses have long-term detrimental effects on the reputation and revenue of organizations.
Cyberattacks can result in a patient’s death. The stakes are now a lot higher than defaced websites of stolen sensitive information. Cybersecurity threats can directly or indirectly result in death. A few weeks ago, a patient died after ransomware hackers hit a German hospital. The patient who was scheduled to undergo critical care at a hospital lost her life as she was being transferred 19 miles away to another facility after hackers disabled systems.
Responding to the Increasing Cybersecurity Threats in Healthcare
Rising cybersecurity threats to healthcare require policymakers to review the currently fragmented governance. They should develop, improve, and implement reliable security standards.
Healthcare providers should improve their cybersecurity resilience. Organizations should identify the flaws that sit within professional and personal devices workers use while in office or working remotely. Healthcare facilities should also model their network infrastructure to proactively defend against all known threat actors, externally and internally.
The healthcare industry should incorporate accurate, up-to-date threat intelligence in vulnerability management strategies to act on the new threat landscape during the current COVID-19 pandemic. The sector should invest in expertise and tools that discover, prioritize, mitigate, and remediate threats continually.
Hospitals and other care providers should develop policies outlining requirements for using new technologies. They should improve access controls to allow granular access based on user needs. Providers need to implement endpoint protection across all devices.