The Healthcare Industry Remains a Favorite for Cyber Criminals

If you have had any exposure to news headlines over the past decade, it would come as no surprise to you that the healthcare industry has been one of the sectors most targeted by hackers and cyber criminals. Just this month, a Miami-based vendor of clinical and third-party administrative services to managed care organizations serving elderly and disabled individuals disclosed that they suffered a data breach in July of 2022 that affected more than 4.2 million people.

According to a 2022 report, healthcare was one of the three most attacked industries, along with the government and education sectors. The research also found that healthcare organizations across the world averaged 1,463 cyberattacks per week in 2022, up 74% compared with 2021, and US healthcare entities specifically suffered an average of 1,410 weekly cyberattacks per organization, up 86% vs. 2021. The war taking place between Russia and Ukraine has only served to intensify these risks, as U.S. officials warn that Russian hackers might target U.S. critical infrastructure, and in particular hospitals, in response to the United States’ support of Ukraine.

Why Target the Healthcare Sector?

There are numerous reasons a malicious actor would target healthcare organizations. The first and most obvious is the treasure trove of data these organizations handle. Healthcare facilities are in a unique position to handle multiple forms of data, such as claims data, electronic health records, administrative data, medical records, clinical trial data, research data, etc. Few industries work with such a wide array of data categories. There is substantial monetary value associated with stealing and selling this data.

Healthcare facilities, and especially hospitals, utilize a vast network of medical devices to service their patients. These devices provide more options for physicians to treat ailments, but they also provide malicious actors with more potential entry points for cyberattacks, especially as security may not be a primary concern when designing these devices. On top of this, many reliable healthcare devices may be technologically outdated and lacking the necessary security updates.

Healthcare facility staff often find themselves in difficult situations when it comes to combatting cyber threats. Their primary focus is saving lives, and they need patient data to be easily, quickly, and sometime remotely accessible. It is a constant balancing act – how do we make patient data secure while not hindering the speedy access that providers have to that data in the most urgent situations. Budget, staffing, and time constraints further complicate this situation and make it difficult for these employees to remain constantly up to date on the latest cyber threats and best practices.

The magnitude of a successful cyberattack is arguable highest in the healthcare sector. It is one of the only industries where a successful attack that limits operational technology functions could directly and rapidly mean life or death. In 2020, a ransomware attack forced a hospital in Düsseldorf, Germany, to close its emergency department, and a patient died in an ambulance while being rerouted to another hospital. And in Alabama, it is alleged that a baby was born with severe brain injury and eventually died due to botched care because her hospital was struggling with a ransomware attack. For malicious actors in search of media exposure or devastating consequences that extend beyond money, healthcare institutions represent an ideal target with the most at stake, human lives.

What Can the Healthcare Sector Do to Mitigate These Risks?

Fortunately, all is not doom and gloom for healthcare. There are a number of proactive steps healthcare providers can take to mitigate the risk of a cyberattack. Furthermore, these actions are a marketing opportunity to demonstrate superior data protection controls vs. competitors and might even help your business reduce your cyber liability insurance premiums. Several actions healthcare organizations should take include:

1. Conduct risk assessments
2. Mandate multi-factor authentication
3. Educate and test staff
4. Eliminate organizational silos
5. Closely monitor third-party access
6. Utilize data encryption
7. Secure mobile devices
8. Use off-site data backups
9. Prepare disaster recovery plans
10. Classify assets
11. Employ intrusion detection
12. Keep up to date with patch management