Cybersecurity incidents are a growing threat to the healthcare industry in general and hospitals in particular. In 2015, the healthcare industry was the most attacked by cyber criminals according to a Cyber Security Intelligence Index by IBM. Data breaches have cost as much as $6.2 billion. Like any large company, a modern hospital has hundreds – even thousands – of workers using countless computers, smartphones and other electronic devices that are vulnerable to security breaches, data thefts and ransomware attacks.
The healthcare industry has been slow to respond and has lagged behind other industries when it comes to cybersecurity. Increased connectivity to existing computer networks has exposed medical devices to new cybersecurity vulnerabilities. The breaches include malware attacks, computer thefts, unauthorized network access and other security breaches. Electronic health records, the healthcare infrastructure and individual medical devices are all targets.
Cyber attacks severely disrupt companies in every industry. But when they take place in healthcare that not only costs hospitals lots of time, money and operational downtime, but threatens people’s lives. Many hospital electronics help keep patients alive, monitoring vital signs, administering medications, and even breathing and pumping blood.
Cyber criminals care more about your health records than they do about your credit card details. This is because electronic records may contain the details such as birthday, social security numbers, policy numbers, and even billing information of the patients – this is a lot more than they will get with a stolen credit card.
Healthcare providers now have to secure more connected medical devices than ever before. The attack surface is growing and cybercriminals are developing more sophisticated tools and techniques to attack healthcare organizations, gain access to data and hold data and networks to ransom.
Data breach is one of the most common threats the healthcare industry faces today. Such trouble typically starts when a doctor or other healthcare worker is persuaded to open an email sent by an attacker and click a link or attachment that downloads malware to his computer, a so-called “phishing” attack. A number of hospitals in recent years have become victims of such attacks.
Ransomware attacks are on the rise: many healthcare providers are forced into paying to get their data back. The attacks are coming from all types of endpoints, including some that providers can’t control or monitor. It’s a type of malware that cyber criminals infect on a healthcare organization’s IT system, preventing the company from accessing certain files or sectors. Usually, the infected components become encrypted and the authorized user is then unable to access them. The hackers will then deliver a message containing instructions for sending payment or ransom in exchange for restored access to the affected system.
An increasing amount of protected health information is being stored on the cloud. Without proper encryption, this can be a weak spot for cloud attacks. It’s also possible that attackers could one day use artificial intelligence to mount more complex attacks. For example, hackers could use an intelligent system to block algorithms in the healthcare network that manage prescriptions or drug libraries and replace them with fakes. Cyber-attacks on connected devices could therefore result in injury or worse.
Healthcare is an attractive target for cybercrime for two fundamental reasons: it is a rich source of valuable data and its defences are weak. Protecting hospitals’ computer networks is crucial to preserving patient privacy – and even life itself. Chronic underinvestment in cybersecurity has left many so exposed that they are unable to even detect cyber attacks when they occur. So for now, healthcare cybersecurity continues to be a top concern for healthcare executives. And decisive steps should be taken towards solutions of the evident cybersecurity threats. That will not only ensure hospitals’ continuous workflow and save their reputation avoiding personal data breaches, but what is of major concern, that will save our lives.