In a recent Becker’s Healthcare article, when asked what the most concerning trends in healthcare IT are, more than half of hospital executives (five out of nine) referenced cybersecurity.
Among the biggest threats to a hospital is ransomware. Ransomware is a form of malware or malicious software that infects computers and/or devices and blocks owners from accessing their systems or files – until they pay a ransom to receive an encrypted key that unlocks the information. Earlier this year, 60 Minutes investigated the target of ransomware attacks and found that in addition to public service networks, like municipalities, hospitals are topping the list of ‘easy’ targets. Attacks, however, are often at random and based purely on weaknesses within an organization’s network. So while public service networks and hospitals happen to be some of the easiest targets, in general, ransomware attacks have increased by 62 percent worldwide and by 158 percent in North America alone. (PBS)
In 2021 and beyond, it is obvious that a reactionary cybersecurity strategy simply will not cut it, especially in healthcare.
Because of the vast amounts of sensitive patient data handled by hospitals and other medical organizations, cyber criminals are targeting their attacks and malicious malware towards these types of organizations. Medical records, in particular, are attractive to bad actors because of their resale value, which is 50 times higher than that of the next most valuable record type – stolen credit cards. (D Magazine)
The chaos surrounding the outbreak of COVID-19 made healthcare the ideal target for cyber-attacks; in more ways than one, it created the perfect storm. While healthcare workers scrambled to staff and respond to the virus, hackers and scammers doubled down on their mission to obtain valuable patient data. As cited in this Forbes article, the number of hacking incidents reported in healthcare climbed for the fifth straight year in 2020, jumping 42 percent in 2020. Hacking incidents comprised more than half of all of last year’s patient data breaches – 62 percent – up from 2019.
According to the Wall Street Journal, healthcare hacking attacks were particularly brutal in 2020, with data from the U.S. Department of Health and Human Services showing “that almost every month last year more than 1 million people were affected by data breaches at healthcare organizations.” With the outbreak still ongoing, and healthcare organizations continuing to battle the COVID-19 variants, it is suspected that some data breaches have yet to even be detected and that more are to come.
Healthcare Cybersecurity: What To Do Next
At this year’s Healthcare Information and Management Systems Society (HIMSS) annual conference held August 9-13, the topic of cybersecurity reigned supreme. The number one piece of advice that experts attending the event had for healthcare organizations, as recapped by HealthTech, is to anticipate the threat.
Securing today’s largely digital, hybrid health system, however, is of course no easy task. Additional key tips and takeaways coming out of this year’s HIMSS conference include:
- Take ownership. Cybersecurity has historically been treated as ‘someone else’s job,’ not only within healthcare but within other industries as well. The time for ownership in cybersecurity is now; cybersecurity is everyone’s problem and everyone within the healthcare system needs to be thinking about cybersecurity in the context of their position in order to help prevent future attacks.
- Be proactive. Healthcare organizations need to start acting like they are the digital target for ransomware and other financial scams, because they are. If cybersecurity wasn’t budgeted for previously, it needs to be now; existing budgets in this space also need to be reevaluated based on present-day threats.
- Create partnerships and build a cybersecurity network. From legal affiliates to help navigate the logistics of a ransomware attack to cybersecurity professionals to help counter and better prepare a healthcare organization’s network, it is important to create strong partnerships in cybersecurity. The demand, naturally, for cybersecurity professionals has increased in conjunction with attacks over the last year. Start vetting and building a trusted network now in order to be prepared for what could come.
Looking for more ways to combat cybersecurity threats? Here are five first-step tips to get started.