Cybersecurity in Healthcare: A Case of Not Following The Leader
By Chris Usatenko, freelance writer, EveryCloud.
Few industries need resilient cybersecurity measures as much as healthcare. Yet, healthcare has a colossal cybersecurity problem. Data breaches continue to plague patients’ private medical records, even though those patients are facing life-threatening conditions, spending large amounts of money, and entrusting their financial information.
Healthcare remains a big target for cybercriminals, sitting firmly in their cross-hairs. In 2015 alone, IBM reported more than 100 million breaches of medical records. Some organizations commit to privacy no matter what, but healthcare organizations are not keeping pace in adopting and promoting cybersecurity. But why do most healthcare organizations not have the latest cybersecurity tooling? We review some of the reasons in this article.
Why Hospitals and Care Facilities Lack Robust Cybersecurity
The key reasons why cybersecurity is not a conspicuous feature in many healthcare set-ups include:
#1 Limited cybersecurity awareness
Most hospitals concentrate on upgrading their medical technology and employing the best medical personnel and peripheral staff. They ensure they save lives more quickly and offer better overall care. While this is a reasonable practice, they soon relegate cybersecurity to the back-burner. The truth is, cybersecurity is a vital complement to these core values and priorities. Most of the time, hospitals can justify their need for an entire IT team, or at worst, a cybersecurity lead. However, directors may not have the necessary information to make that decision.
#2 Lucrative healthcare targets
Hospitals are not always to blame, though. There’s an avalanche of attacks on hospitals. It is worth all of an attacker’s time to target a healthcare organization. As highly lucrative targets, these organizations can reveal data on a vast number of people at once. That is why standards are high to keep these organizations out of the reach of attackers. But what do you do when the attacker never quits chasing?
#3 Size of the specific organization
Many healthcare organizations are massive operations, which makes them increasingly vulnerable. Because more people are involved in the system, there are inevitably more possible points an attacker can exploit. Imagine just one healthcare staff member among several thousand falling for a phishing scam. It can compromise the whole system.
#4 Inconsistency with process
It often appears almost impossible to create and enforce consistent security standards and procedures. The reason is that the size of health organizations and hospitals means they may need to operate out of several buildings. Employees may then adhere to varying best practices, and in some cases, use different systems. Thus, it is hard to have a decent cybersecurity posture.
#5 Shared networks in healthcare organizations
Infosec revealed that one primary reason hospitals continue to appeal to cybercriminals is that most hospitals depend on shared wireless networks. Multiple devices on one network mean that a single point of vulnerability is all a hacker needs to access the whole system. It is a ticking time bomb.
Possible Solutions to Healthcare’s Cybersecurity Issues
What then can healthcare institutions and hospitals do to be on par with the latest cybersecurity practices? It turns out there’s so much they have control over:
Most hospitals can begin by adopting more advanced, current technologies to protect patient information and keep their systems secure. Advanced software, monitoring systems, and futuristic tech such as biometrics are examples.
A cybersecurity budget is small fry for most healthcare organizations. It is merely a question of how much of a premium is placed on it, as the infographic at the end shows across several industries. Prioritizing technological security features will add a decent layer of security around hospital operations. While hospitals may commit their entire budgets to cybersecurity, a hire who knows their onions can promote substantial improvement.
More secure networks
Shared networks plague many hospitals. To stem the risk of attack, segmenting networks and adding encryption to them, along with strict policies on personal devices, can help.
Consistent staff and patient education
Educating staff and patients on best cybersecurity practices is perhaps the most critical step. Seminars, workshops, handbooks, and emails can help the team to remain vigilant about potential compromises.
Improving cybersecurity in healthcare is a priority, but it will take time. Ongoing commitment from healthcare organizations is critical as they work together to improve patient protection.
Even the most essential practices can help organizations secure their networks. These may include informing the staff of potential scams and why they should change passwords regularly.
For more insight, check out the following infographic from EveryCloud: