By Pedro Vidal, vice president, Cylance.
It’s no secret that cyberattacks are escalating, rising in tandem with the growing sophistication of technology. One industry that has taken a massive hit from cyberattacks in recent years is healthcare. The industry is increasingly reliant on internet-connected technology and data, such as patient records, lab results, radiology equipment and hospital elevators. Now imagine if a cybercriminal encrypted an entire hospital’s data with ransomware. Doctors would be unable to pull up a patient’s medical records or, worse, to use internet-connected equipment to make a proper diagnosis.
Unfortunately, this is the reality that healthcare industry professionals are facing today. And while 92% of healthcare organizations are confident in their ability to respond to cyberattacks, there is a plethora of malicious activity that poses a great threat to their networks. Here are the main cybersecurity challenges faced by the industry today:
The Rise of Ransomware
You might recall the WannaCry attack of 2017, the ransomware worm that hit hospitals as well as other industries by exploiting a weakness in Windows machines. This worm infected thousands of computers around the world and threw the United Kingdom’s National Health Service into chaos. This led the Health Care Industry Cybersecurity Task Force to conclude that healthcare cybersecurity was in critical condition.
Why was the healthcare industry so impacted by this cyberattack? Many hospitals struggle to keep up when it comes to upgrading their operating systems due to the sheer volume of devices on the network. In addition, much of the software in a medical device is often custom made, making system upgrades difficult, and manufacturers tend to avoid prematurely pushing out modifications that could potentially impact patient safety. For these reasons, medical machines continue to run outdated software, putting them at greater risk of cyberattacks such as ransomware.
Lack of Investment
Many organizations within the healthcare industry suffer from a lack of investment in cybersecurity solutions. Despite the number of breaches that occur, healthcare is behind other sectors when it comes to taking security measures. Only 4-7% of healthcare’s IT budget is allocated to cybersecurity, while other sectors allocate about 15% to their security practices. However, the financial cost of a cyberattack when these solutions aren’t in place can take an even greater toll on an organization. Some hospitals and healthcare insurers see estimates of over $5 billion in costs as the result of cyberattacks on their systems. On top of the costs incurred in remediating these breaches, healthcare organizations then have to deal with fines from the Department of Health and Human Services Office of Civil Rights.
Securing Connected Devices
With the growing adoption of IoT, more and more devices are being connected and used in healthcare systems. However, as connected medical devices become more powerful and widely adopted, they become greater targets for malicious actors to exploit. According to the Cybersecurity in Healthcare report, over 16% of IT professionals can’t patch their own operating systems, leaving the network wide open for attack. Now imagine if a cybercriminal gained access to just one medical device on the exposed network. This could lead to the theft of sensitive patient data or even unauthorized access to an implanted device that could cause physical harm to the user.