By Pedro Vidal, vice president, Cylance.
It’s no secret that cyberattacks are escalating, rising in tandem with the growing sophistication of technology. One industry that has taken a massive hit from cyberattacks in recent years is healthcare. The healthcare industry is increasingly reliant on technology and data connected to the internet, such as patient records, lab results, radiology equipment and hospital elevators. Now imagine if a cybercriminal encrypted an entire hospital’s data with a nasty strain of ransomware. Doctors would be unable to pull up a patient’s medical records or, worse, use equipment connected to the internet to make a proper diagnosis.
Unfortunately, this is the reality that healthcare industry professionals are facing today. And while 92% of healthcare organizations are confident in their ability to respond to cyberattacks, there is a plethora of malicious activity that poses a great threat to their networks. Here are the main cybersecurity challenges faced by the industry today:
The Rise of Ransomware
You might recall the WannaCry attack of 2017, the ransomware worm that attacked hospitals as well as other industries by exploiting a weakness in Windows machines. This worm infected thousands of computers around the world and threw the United Kingdom’s National Health Service into chaos. This led the Health Care Industry Cybersecurity Task Force to conclude that healthcare cybersecurity was in critical condition.
Why was the healthcare industry so impacted by this cyberattack? Many hospitals struggle to keep up when it comes to upgrading their operating systems due to the sheer volume of devices on the network. Much of the software in a medical-specific device is also custom made, making system upgrades difficult. Additionally, manufacturers tend to avoid prematurely pushing out modifications that could potentially impact patient safety. For these reasons, medical machines continue to run outdated software, putting them at greater risk of cyberattacks such as ransomware.
Lack of Investment
Many organizations within the healthcare industry suffer from a lack of investment in cybersecurity solutions. Despite the number of breaches that occur, healthcare is behind other sectors when it comes to taking security measures. Only 4-7% of healthcare’s IT budget is allocated to cybersecurity, while other sectors allocate about 15% to their security practices. However, the costs of a cyberattack when these solutions aren’t in place can take an even greater toll on an organization. Some hospitals and healthcare insurers see estimates of over $5 billion in costs as the result of cyberattacks on their systems. On top of the costs incurred finding a solution to fix these breaches, healthcare organizations then have to deal with fines from the Department of Health and Human Services Office of Civil Rights.
Securing Connected Devices
With the growing adoption of IoT, more and more devices are being connected and used in healthcare systems. However, as connected medical devices become more powerful and widely adopted, they become greater targets for malicious actors to exploit. According to the Cybersecurity in Healthcare report, over 16% of IT professionals can’t patch their own operating systems, leaving the network wide open for attack. Now imagine if a cybercriminal gained access to just one medical device on the exposed network. This could lead to the theft of sensitive patient data or even unauthorized access to an implanted device that could cause physical harm to the user.
How to Bridge the Security Gap in Healthcare
To protect the infrastructure and data critical to the operation of their organizations, here’s a checklist of what healthcare IT professionals can do:
Invest in Security From the Get-Go
In an effort to encourage healthcare organizations to step up in the ways of cybersecurity, the Department of Health and Human Services is increasing breach enforcement of private health information. This will require that these entities make “reasonable efforts” like investing in security solutions up front to help protect patient data and educating their workforce on common cyberattacks. This will help to prevent cyberattacks before they can happen.
Ensure Your Software is Up-to-Date
In addition to selecting a top cybersecurity vendor, it’s important to update your organization’s software regularly. This will ensure that your organization always has the latest security patches that could prevent vulnerabilities from being exposed.
Focus on Encryption
To help improve medical device security, make sure that your network and everything connected to it is encrypted. Be sure to carefully implement solid cryptography, including key protection and sound password and data storage practices.
At the end of the day, choose a security vendor that will help your organization ensure patient safety. Here are some healthcare organizations who have adopted robust endpoint protection platforms to help mitigate cyberthreats so they can focus on the health of their patients:
- Phoenix Children’s Hospital was able to save valuable IT and security resources by deploying endpoint defenses that protected the hospital from ransomware attacks that could have stopped patient care in its tracks.
- Tufts Medical Center invested in security solutions that protect its core infrastructure while also securing the 10,000 endpoints in its environment. As a result, the organization can focus on delivering high-quality patient care without interruption.
- VolitionRx Limited, a multi-national company developing new ways to detect cancer, implemented an artificial intelligence endpoint security product to stop malicious activity from targeting endpoints before it could endanger sensitive patient information.
- Satellite Healthcare, an organization that mostly treats patients with chronic kidney diseases, used their security vendor’s highly intelligent data analysis platform to determine which threats were present, the categories they belonged to and the degrees of severity. This analysis allowed the organization to strengthen its security posture and extrapolate risks that could potentially impact patients.
As more and more modern hospitals and healthcare centers have digital building management systems and medical devices that communicate over wireless networks, choosing a solution that is uniquely positioned to enable patient security and safety will prove to be the best preventative medicine there is.