Cybersecurity threats are some of the biggest concerns across a wide range of industries due to the proliferation of technology and the difficulties with prosecuting international cybercrime. However, there are a handful of fields in which these cyber threats present a unique risk landscape. The healthcare field has experienced a 55% increase in cyber attacks, resulting in over $13 billion in losses. Risk management and IT personnel must work together to mitigate specific cybersecurity threats in healthcare.
Healthcare organizations, in particular, are a repository of sensitive data from patient health information to payment methods and other personal information. With such a wealth of potentially profitable data on hand, healthcare industry members must take specific care to secure their systems and protect them from many cybersecurity challenges. We’ll discuss the top 6 cybersecurity threats facing the healthcare sector.
The healthcare sector is particularly vulnerable to ransomware attacks. It is one of only a handful of industries in which lives are literally on the line if its systems are held hostage by cyber attackers. In the heart of the Covid-19 pandemic in 2020, over 500 healthcare providers fell victim to ransomware attacks. While law enforcement recommends never paying the ransom, healthcare administrators are in a difficult position, as patient care and preserving life must be their priorities.
As if that wasn’t bad enough, system downtime is not the only negative outcome of a ransomware attack. While your systems are down, the attackers have free rein to access your sensitive data, export it, and then use it for future crimes. This could lead to liability for the loss of that data on top of the cost of the ransom and of restoring or completely rebuilding your systems, depending on the outcome of the attack.
Ransomware is predominantly delivered through malware installed via software and hardware vulnerabilities, social engineering attacks, and insider threats, which we will cover later in this article. However, one of the best defenses against ransomware is a good cyber hygiene policy. Ensuring that your devices, software, and systems have all upgrades and patches installed reduces the attack surface, and training your employees on good remote work cyber security and device policies will give attackers less opportunity.
Distributed Denial of Service Attacks
Distributed denial of service (DDoS) attacks are another common threat that presents special concern in the healthcare field. DDoS attacks use a network of computers to flood a targeted system, network, or service with a huge amount of traffic in an effort to overwhelm and thereby shut down said system. As this attack is perpetrated by a network of computers and devices infected with malware unbeknownst to their owners, it’s extremely difficult to defeat by isolating the sources of the attack, especially in healthcare settings, as critical systems likely cannot be taken offline without disrupting patient care. Unlike ransomware, DDoS attacks only result in system downtime and no additional data loss; however, ransom demands or costs associated with recovering from the attack are still substantial, not to mention negative patient care outcomes as staff need to access records, fill prescriptions, and retrieve information.
Phishing and Other Social Engineering Scams
Phishing emails are probably the most common vector of social engineering attacks that the general public is aware of. I’m sure most of you receive at least one a day in your inbox, and yet, they are still the single most successful attack vector for cybercriminals. Email is not the only method through which these attacks can take place. Voice calls, text messaging, and even in-person social engineering attacks can prove disastrous.
The core of a social engineering scam is the use of psychological pressure and the exploitation of natural human tendencies to get an employee to take some action that enables the attacker to gain access to a system, network, funds, or some other objective. Educating your employees on these types of scams is a must, as is implementing strong email filters and assigning roles within your network.
Connected Medical Device Security Vulnerabilities
The internet of things is even more expansive in healthcare settings. While you may have internet-connected refrigerators and televisions at home, the sheer number of connected medical devices in even a small healthcare facility is utterly staggering. Any one of these devices can be compromised, and that compromise can lead to the loss of data, installation of malware, or outright access to your network by a hacker. The possibilities are endless once the compromise occurs.
To lower your risk of compromise through medical devices, you must keep up to date with device software patches and hardware updates recommended by the manufacturer. 67% of medical device manufacturers expect an attempt to breach their devices within a revolving 12-month period. They have a vested interest in securing their devices, and keeping up with their recommendations will help you protect your facility best.
Statistically, the healthcare sector is victimized by data breaches more than any other industry. Over the last year, this industry has averaged an astounding 2.8 million monthly data breaches. The potential for obtaining profitable data is so high when gaining access to healthcare systems that cybercriminals focus heavily on this field.
The combination of healthcare personnel who are unaware of cybersecurity best practices and system vulnerabilities, and IT personnel who may not realize which data is critical or sensitive or how many devices are connected to the network, leaves many opportunities for gaps in the enterprise’s security posture. Ensuring that lines of communication are in place between these essential departments is critical, as is providing cybersecurity training to all personnel.
Another opportunity for data breaches is the plethora of legacy systems still in place in networks worldwide. Smaller providers lacking funds to update, or even larger providers who have simply chosen to stick with an older system, are not as protected from emerging threats or exploits of known vulnerabilities as a facility that has put the most up-to-date systems into place. There is also the potential for data loss or exposure during a haphazard migration from one system to another. Phasing out legacy systems must be a planned process across the board and should be a priority for healthcare administrators.
Even the best security posture will always have a vulnerability to insider threats. Despite background checks, network segmentation, implementation and review of assigned roles and permissions, and other IT security procedures, there always exists the possibility that an employee will export sensitive data. This can result in the loss of patient PII or PHI, intellectual property, and many other types of financially damaging and reputation-damaging information.
The best way to mitigate risk from insider threats is to put in place exactly what we mentioned above. Network segmentation with assigned roles that limit access to only what is truly necessary for that specific employee to complete their work, robust firewalls, an active threat surface monitoring system, and periodic review of this data will help limit your exposure. Sending automatic alerts to IT personnel whenever an assigned role gains new permissions or a new administrator account is created is also a best practice.
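One way to implement the alerting described above is to compare the current role and account export against the last reviewed baseline. This is an added example, not code from the original article; the snapshot layout, role names, account names, and alert labels are all assumptions constructed for illustration, and it goes slightly beyond the text by also flagging existing accounts that are newly given an administrative role.

```python
"""Added example: diff two access-control snapshots and raise the alerts described above."""

# Assumption: role names treated as administrative in this hypothetical environment.
ADMIN_ROLES = {"ehr_admin", "domain_admin"}

# Constructed sample data: the last reviewed baseline and today's export.
BASELINE = {
    "roles": {
        "nurse": {"chart:read", "chart:write"},
        "billing": {"invoice:read", "invoice:write"},
        "ehr_admin": {"chart:read", "chart:write", "user:manage"},
    },
    "accounts": {"asmith": {"nurse"}, "bjones": {"billing"}, "itops": {"ehr_admin"}},
}
CURRENT = {
    "roles": {
        "nurse": {"chart:read", "chart:write"},
        "billing": {"invoice:read", "invoice:write", "chart:export"},
        "ehr_admin": {"chart:read", "chart:write", "user:manage"},
    },
    "accounts": {
        "asmith": {"nurse"},
        "bjones": {"billing"},
        "itops": {"ehr_admin"},
        "svc_backup": {"ehr_admin"},
    },
}


def diff_snapshots(baseline, current, admin_roles=ADMIN_ROLES):
    """Return sorted (alert_type, subject, detail) tuples for IT review."""
    alerts = []
    for role, perms in current["roles"].items():
        # A role absent from the baseline is compared against an empty set,
        # so every permission of a brand-new role is reported.
        gained = perms - baseline["roles"].get(role, set())
        alerts += [("ROLE_GAINED_PERMISSION", role, p) for p in gained]
    for user, roles in current["accounts"].items():
        before = baseline["accounts"].get(user, set())
        # Fires for new accounts and for existing accounts newly given an admin role.
        for role in (roles & admin_roles) - before:
            alerts.append(("NEW_ADMIN_ACCOUNT", user, role))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in diff_snapshots(BASELINE, CURRENT):
        print(*alert, sep="\t")
```

Once a flagged change has been reviewed and approved, the current export becomes the new baseline, so the same change does not alert again.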
At Venture Lynk Risk Management, we provide customized third-party vendor risk assessments and management for risk management teams of any size. We specialize in financial services, healthcare, and other high-risk industries and staff a full team of data and cyber security specialists to handle your specific needs. Contact us today to see how we can help you face cybersecurity threats in healthcare today.