Over the past decade, the cyberthreat to the healthcare industry has increased dramatically, along with the sophistication of cyberattacks. Industry and government both recognize this new era. For each improvement delivered by automation, interoperability, and data analytics, the vulnerability to malicious cyberattacks increases as well.
Cyberattacks are of particular concern for the health sector because attacks can directly threaten not just the security of systems and information but also the health and safety of patients.
Healthcare organizations are attractive targets for cybercriminals for three main reasons:
- Criminals can quickly sell patient medical and billing information on the darknet for insurance fraud purposes.
- Ransomware’s ability to lock down patient care and back-office systems makes lucrative ransom payments likely.
- Internet-connected medical devices are susceptible to tampering.
Cybersecurity issues in the healthcare industry
Health organizations, large and small, are prime targets for cybercrime. The growing number of healthcare-related cyberattacks is an indication that smaller health providers are falling victim to cybercriminals at an increasing rate.
Large healthcare providers often have the resources necessary to mount a formidable cyberdefense strategy. These large hospitals and health provider chains can often afford to hire a chief information security officer, staff a security operations center, and subscribe to the best threat intel services.
Some of the most notable cyberattacks of the last decade were against healthcare institutions.
Community hospitals, independent doctors, and dentists don’t often have the luxury of spendy cybersecurity defenses. Yet, they shoulder the same cyber risks and present an equal opportunity for criminals. The American Medical Association states that nearly 57 percent of medical practices in the U.S. have ten or fewer physicians, and about 10 percent are solo practitioners.
Unable or unwilling to pay exorbitant ransoms, many small healthcare providers cannot survive these attacks and feel forced to close their businesses. These practitioners are fully aware that paying a ransom demand by no means guarantees that the hacker will release data or equipment. Nor does it ensure that the hacker will not sell their patients’ data on the darknet.
The American Dental Association reported that in August 2019, hundreds of dental practices were affected by ransomware. The attack focused on a dental-focused technology provider and locked dentists out of their data.
A ransomware incident in August 2019 forced Wood Ranch Medical in Simi Valley, California, to close its doors on December 17, 2019. A note on their website said, “Unfortunately, the damage to our computer system was such that we are unable to recover the data stored there. With our backup system encrypted as well, we cannot rebuild our medical records,” the note continues. “As much as I have enjoyed providing medical care to you, I will not be able to attend to you professionally after that date.”
Arguably the most respected and informative security industry annual report is the Verizon DBIR (Data Breach Investigations Report). The 2020 DBIR indicates the substantial increase in the number of breaches and incidents overall is reflected in the healthcare sector. Healthcare suffered a 71 percent increase in breaches or incidents in 2020 over 2019.
Financially motivated criminal groups continue to target the healthcare industry primarily with ransomware attacks. Lost and stolen assets are also a problem, and human error is alive and well in this vertical. Lest one think that most healthcare cyberattacks are launched from some clandestine bunker, it is essential to note that nearly half of the breaches in this sector come from internal bad actors.
Last year the DBIR reported that the healthcare sector had internal actor breaches (59 percent) exceeding those by external actors (42 percent). This year, external actor breaches are more common at 51 percent, while breaches executed by internal actors fell to 48 percent. However, the difference is small, and healthcare remains the industry with the highest number of internal bad actors.
As a glimmer of hope, the 2020 DBIR shows that privilege misuse incidents have declined across the board. In 2019 privilege misuse stood at 23 percent. This year it dropped to 8.7 percent. Privilege misuse is the direct result of poor access control. Users have more access rights than they need to do their jobs, and the organization fails to monitor the activity of privileged accounts properly and establish appropriate controls. The decrease in this type of event can be seen as reflecting improved security policies and training. These indicators denote an increase of security awareness within the organization.
Privilege misuse incidents are responsible for user errors that result in data loss or unauthorized access by an adversary. Privilege misuse is not to be confused with internal bad actors.
Another change that goes along with decreased insider misuse breaches is a corresponding drop in multiple actor breaches. The healthcare sector has typically been the leader in this type of breach. This type of breach usually occurs when external and internal actors combine forces to steal data used for financial fraud. The multiple actor breaches last year were at 4 percent, and this year dropped to 1 percent.
The top cybersecurity error experienced by the healthcare industry is misdelivery. This error tends to fall into two categories. One is when an email is sent to the wrong email address or distribution list, and sensitive data is received by unauthorized personnel. The second is the snail mail equivalent: when address labels for a mass mailing get out of sync and confidential information is mailed to the wrong recipient.
Case study of cybersecurity breach in healthcare
In 2019 a small community health system in Wyoming fell victim to a cyberattack. Campbell County Health operates a 90-bed acute care hospital in Gillette and nearly 20 clinics across the county. Attackers locked up sensitive patient information and medical devices, then demanded a ransom.
As a result of the attack, Campbell County Health employees found it necessary to cancel services, including radiology, endocrinology, and respiratory therapy. Reports indicate that the organization transferred patients to hospitals as far away as South Dakota and Denver. Cash registers, email, and fax were all unavailable. Doctors had to resort to pen and paper to document medical conditions, and with prescription records inaccessible, patients were required to bring medication bottles to visits.
Many security professionals see the eventuality of a cyberattack against any given healthcare organization as a matter of when – not if.
In a video address to the community, Andy Fitzgerald, Chief Executive Officer of Campbell County Health, said, “CCH is not the first organization, hospital or otherwise, to be hit with a ransomware attack. Every organization is subject to this type of cybercrime. We were not the first, and, unfortunately, we won’t be the last to experience this. Individuals, as well as organizations, must remain constantly vigilant, at home and at work, in order not to become a victim of this kind of crime. CCH had strong systems in place before the attack, and we have invested in additional measures, but the threat remains for all of us.”
What makes cybersecurity challenging within the healthcare field?
The healthcare sector has all the cybersecurity challenges facing any business, plus unique challenges all their own. They must protect their networks, databases, and endpoints from attack. They are responsible for protecting private financial and medical information about their patients and employees. They often protect valuable intellectual property. Additionally, they have challenges few other businesses encounter. The number of connected medical devices has exploded over the last ten years. Nearly every conceivable piece of medical equipment is now web-enabled or connected to the organization’s operational network.
Healthcare providers are deploying more connected medical devices every day, and they can make up as much as 74% of the devices connected to a hospital’s network. The prevalence of medical device hijacking has spawned the use of the term “medjacking” to describe these attacks aimed specifically at connected medical devices.
These connected devices are often necessary to sustain the life of the patient. Disabling them, or modifying their functionality, can mean the difference between life and death. Like any digital device, they need updates to keep them running and safe.
Connected devices include patient tracking wristbands, equipment tracking for crash carts, ventilators, portable X-ray machines, and vital-sign monitors. All of these devices communicate across the hospital network providing doctors with valuable patient information entered into electronic health records. The transmitted data allows doctors to provide more affordable care. Clinicians can work faster and in safer conditions. And each of those devices acts as an entry point for cybercriminals to exploit.
Late last year, Black Book Market Research LLC surveyed over 2,800 security professionals from 733 organizations to identify gaps, vulnerabilities, and deficiencies that persist in keeping hospitals and physicians proverbial sitting ducks for data breaches and cyberattacks.
The report showed healthcare’s cybersecurity struggles are caused by budget constraints. It is costly to replace legacy software. Past reports from security researchers show that the majority of healthcare medical devices operate on legacy platforms. Fifty-six percent of healthcare providers still rely on legacy Windows 7 operating systems. Many of these providers struggle with understanding or performing necessary patches.
Nothing could be of higher priority than the health and well-being of patients, and communication between healthcare providers and patients or between the various healthcare functions has been refined to an art. So, why does the healthcare profession struggle with cybersecurity?
The top cybersecurity challenges facing the healthcare industry are:
- Patient information is valuable on the darknet.
- Medical devices often lack adequate security controls.
- Medical professionals need the ability to access medical data remotely.
- Insufficient cyber risk training among healthcare workers.
- Outdated technology used in many healthcare facilities.
Very few healthcare providers are oblivious to the extraordinary cybersecurity risks shouldered by the industry. Their position as the most attacked business sector has not escaped notice. The issue of cybersecurity has risen to the forefront of concerns for this sector. There are seminars, conferences, white papers, and myriad cybersecurity training opportunities for healthcare professionals.
Like any other business sector, efficiencies are introduced to enhance competitive advantage. One of the significant efficiencies leveraged by healthcare providers is how much time they spend with each patient. Too much time with one patient means someone else’s medical needs may not receive attention.
Dr. Christian Dameff is the Medical Director of Cybersecurity at the University of California, San Diego. In a November 2019 Ars Technica article, he states, “I have a lot of patients that I need to take care of, and I have only a finite amount of time to take care of them. Even with my cybersecurity expertise and my understanding of these problems, I still really wrestle with the thought of, ‘If I’m only going to see this patient for 15 minutes and might not ever see them again, do I talk to them about patching their pacemaker, or do I talk to them about their horribly uncontrolled diabetes and high blood pressure?’ Ideally, those things would not be mutually exclusive, but that’s just not the reality of modern medicine and modern healthcare.”
Dr. Dameff is required to prioritize healthcare over cybersecurity. No one would want it any other way, but the necessity to make such a choice highlights the need for this sector to find new solutions to their unique needs.
Cybersecurity solutions for the healthcare industry
Currently, the healthcare industry is losing ground in its battle against cybercrime. Antiquated computing systems and too few trained cybersecurity professionals combined with an increase in connected medical devices have left this sector vulnerable. Technological advances in patient care equipment, systems, and processes have outstripped improvements in backend support systems where valuable patient information is stored.
The current global pandemic only exacerbates these problems. In May 2020, Bitdefender Labs, a leading cybersecurity vendor, reported, “With healthcare systems under constant strain amid the SARS-CoV-2 global pandemic, hospitals and healthcare facilities around the world have also been hit by a wave of cyberattacks, including ransomware attacks. While officials have already issued warnings that hospitals, governments, and universities may be more conscious about losing data and access to critical systems, Bitdefender telemetry reveals that the number of cyberattacks and ransomware incidents directly targeting healthcare significantly increased over the past couple of months.
The number of cyberattacks detected at hospitals in March increased by almost 60 percent from February, according to Bitdefender telemetry. This is the highest spike in our global evolution of cyberattacks detected at hospitals reported over the past 12 months, showing that cybercriminals have clearly leveraged the pandemic to launch these campaigns.”
Cybersecurity solutions for healthcare organizations should provide safeguards that exceed those of most businesses. Arguably, these systems and devices should be equal to or surpass those used in financial organizations in terms of the level of protection provided.
To achieve this goal, healthcare institutions must look at each new platform proposed in terms of the medical benefits provided to their patients and the risk of cyberattacks.
According to the Forrester New Wave: Connected Medical Device Security, Q2 2020 Report, any security platform under consideration for introduction into the medical environment should be thoroughly evaluated against the following criteria.
| Criteria | Evaluation questions |
|---|---|
| Architecture | Where do sensors and appliances need to be placed in the network for typical operation? How many sensors or appliances does the typical hospital require? What information does the vendor’s product require to be transmitted off-premises? How is this data secured (both in transit and at rest)? |
| Analytics and Reporting | Does the vendor produce dynamic reports that effectively communicate risks associated with a medical device environment? |
| Attack Response | What are all the remediation and response actions available to customers when a security attack is identified (e.g., configuration changes, device quarantine, behavioral block, device removal from network, etc.)? |
| Threat Research | How does the vendor discover new medical device threats and vulnerabilities? |
| Device Visibility | How granular is the classification taxonomy of the devices in the environment (i.e., device function, type, OS/firmware, vendor, and model)? How does the vendor ensure that classification taxonomy remains up to date in light of new devices, vendors, models, etc.? |
| Vulnerability Management | Does the product track medical device vulnerabilities (i.e., CVEs and medical device security advisories)? How are these reported on, and what actions can be taken from the admin console? |
| Integrations | What are all of the native, out-of-the-box integrations with third-party security and IT operations tools? Which are bidirectional, and what are the specific benefits to customers? |
| Vision | How well does the vendor’s product vision align to address the major customer requirements for medical device security? |
| Roadmap | What are the vendor’s short-term and long-term product roadmaps? How differentiated is the roadmap from the competition? Are the planned features expected to contribute meaningfully to customer and product success? |
Cybersecurity influences every aspect of the healthcare industry, from the confidentiality of sensitive health information to insurance rates to patient care. Industry and government leaders acknowledge that healthcare trails where it should be in cybersecurity technologies, standards, and processes.
While some call for additional governmental regulation to ensure patients and their data are protected, many healthcare leaders understand that voluntary compliance with the strictest standards is the only way to stave off further, and sometimes onerous, compliance regulations.
As concerning as today’s known healthcare cybersecurity threats are, the scariest of all cyber threats may still lie ahead. Researchers in Israel announced last year that they have created a computer virus capable of adding tumors into CT and MRI scans. In the wild, this malware could fool doctors into misdiagnosing patients, according to a story by Kim Zetter in The Washington Post.
The healthcare industry faces significant cybersecurity challenges unique to that sector. When lives, not just fortunes, are at stake, the best and brightest in computer science, medical science, and business must work in concert to find innovative solutions to address the threats bearing down on medical care as we know it.
Risk assessments are the cornerstone of every program for cybersecurity in healthcare. Risk needs to be assessed first before any action is taken to help manage the risk. Risk must be gauged based upon factors such as probability of occurrence, impact on the organization, as well as the prioritization of the risk.
What is the importance of cybersecurity in healthcare?
Aligning cybersecurity and patient safety initiatives not only will help your organization protect patient safety and privacy, but will also ensure continuity of effective delivery of high-quality care by mitigating disruptions that can have a negative impact on clinical outcomes.
What is the most difficult challenge to cyber security?
Adapting To A Remote Workforce
However, safeguarding remote and hybrid working environments will continue to be the biggest challenge in cyber security. The key to secure remote working is cloud-based cybersecurity solutions that protect the user's identity, device, and the cloud.
- Remote Work. The COVID-19 pandemic has forever changed the workplace and how it is secured. ...
- Cloud Attacks. ...
- Phishing Scams. ...
- Cryptocurrency and Blockchain Attacks. ...
- Internet of Things (IoT) Attacks.
- Establish a Security Culture.
- Protect Mobile Devices.
- Maintain Good Computer Habits.
- Use a Firewall.
- Install and Maintain Anti-Virus Software.
- Plan for the Unexpected.
- Control Access to Protected Health Information.
- Use Strong Passwords and Change Them Regularly.
- Assess organizational security posture. ...
- Monitor for network and software vulnerabilities. ...
- Create clear responsibility for risk management. ...
- Consistently assess gaps in security controls. ...
- Track key cybersecurity metrics. ...
- Develop incident response and disaster recovery plans.
Because healthcare providers can't fully serve patients without access to records and monitoring digital medical tools connected to health networks, they often yield to demands to put patients first. It is important to note, however, that not all organizations that pay a ransom get their data back.
What is the biggest threat to security of healthcare?
Phishing attacks pose a major threat to the healthcare industry, as they do to organizations in almost every sector. Once again, a lot of the phishing activity targeting the healthcare sector over the past year has been related to the COVID-19 pandemic.
How do cyber attacks affect healthcare?
Cyberattacks resulted in poor patient outcomes for 57% of those surveyed and increased complications from medical procedures for nearly half of them, according to the study. Beyond impacting patient care, cyberattacks can also prove costly for healthcare organizations.
What is the easiest cyber security?
Answer: The easiest Security Certifications include:
- CompTIA Security+
- Microsoft Technology Associate (MTA) Security Fundamentals
- CSX Cybersecurity Fundamentals Certificate
- Systems Security Certified Practitioner (SSCP)
Any IT system offers an “attack surface” that an attacker can exploit. Cloud-based technologies and API-based architecture continue to enlarge this attack surface. At the same time, legacy systems are far too layered and complex to easily secure against cyberattacks.
Cybersecurity can be stressful work; not only do staff need to stay on top of threats posed by cyber criminals, ransomware gangs and even nation-state sponsored hacking campaigns, they also need to ensure their users are equipped with the right tools needed to stay safe – often while working with a restricted ...
What are the top 5 major threats to cybersecurity?
- Social engineering attacks (or phishing) ...
- Ransomware. ...
- Mobile security attacks. ...
- Remote working risks. ...
- Identity-based cloud security threats.
- Configuration Mistakes. New in 2022.
- Poor Cyber Hygiene. New in 2022.
- Cloud Vulnerabilities. New in 2022.
- Mobile Device Vulnerabilities. New in 2022.
- Internet of Things. New in 2022.
- Ransomware. New in 2022.
- Poor Data Management. New in 2022.
- Inadequate Post-Attack Procedures.
Ransomware is considered to be one of the biggest cyber security threats in 2022 and poses a serious cyber threat to businesses of all sizes. Ransomware attacks work by infecting your network and locking down your data and computer systems until a ransom is paid to the hacker.
- #1 Evaluate the Current Condition of Your IT Infrastructure. ...
- #2 Create Different Levels of Access. ...
- #3 Subnet Wireless Networks. ...
- #4 Keep Track of Personal Devices. ...
- #5 Educate Your Employees. ...
- #6 Modernize Obsolete IT Infrastructure. ...
- #7 Update Your Software Regularly.
Loss of such Intellectual Property, information exfiltration and loss of patient information or research data are the common cyber threats to the healthcare industry.
Is cybersecurity possible in healthcare?
Healthcare cybersecurity focuses on preventing attacks by defending systems from unauthorized access, use, and disclosure of patient data. The primary aim is to ensure the availability, confidentiality, and integrity of critical patient data, which, if compromised, could put patient lives at risk.
What are the 4 major digital challenges in the healthcare industry?
So, what are the challenges many healthcare systems still face when taking on a digital health strategy? They include interoperability, cybersecurity, privacy and challenging misinformation.
What are the three biggest data challenges in healthcare today?
- Capturing Accurate Data. In a study at an ophthalmology clinic, EHR data matched patient-reported data in 23.5 percent of records. ...
- Fragmented Patient Care. ...
- Data Privacy & Security. ...
- Data Visualization. ...
- Document Processing and Analysis.
- The High Cost of Health Care. The problem: Perhaps the most pressing issue in health care currently is the high cost of care. ...
- The Concerns of Health Equity. ...
- The Promise (and Pitfalls) of Technology. ...
- The Move Toward Value-Based Care. ...
- The Growing Provider Shortage.
- Cybersecurity Threats.
- Telehealth Implementation.
- Invoicing and Payments.
- Price Transparency Mandate.
- IT Healthcare Investments.
- Patient Experience.
- Effective Payment Models.
- Healthcare Staffing Shortages.
- Insufficient insurance coverage. A lack of insurance often contributes to a lack of healthcare. ...
- Healthcare staffing shortages. ...
- Stigma and bias among the medical community. ...
- Transportation and work-related barriers. ...
- Patient language barriers.
- Data Breach. ...
- Ransomware. ...
- Spear Phishing and Business Email Compromise (BEC) ...
- Distributed Denial-of-Service (DDoS) Attacks.
No, cybersecurity isn't hard. Although there may be difficult concepts, like cryptography or areas that require more technical knowledge, cybersecurity is one of the few fields in the tech world that doesn't require a strong technical background.
Do you have to be smart for cyber security?
The truth is far from this exaggerated perception. Anyone can learn to become a cyber security expert with a basic level of intelligence and plenty of hard work. Let's take a look at some of the ways to learn cyber security.
Can a beginner learn cybersecurity?
As such, there has never been a better time to explore cybersecurity for beginners, and to explore the various career options out there for people new to the field. There are many areas for specialization and advancement which you'll be able to branch into as your skills, experience, and career development.
Is cyber security a lot of math?
What Kind of Math is Used in Cybersecurity? Most entry-level and mid-level cybersecurity positions like cybersecurity analyst aren't math intensive. There's a lot of graphs and data analysis, but the required math isn't particularly advanced. If you can handle basic programming and problem solving, you can thrive.
Is cyber security or coding harder?
Cyber security can sometimes be more difficult than programming because it includes many different elements, including programming itself. As a cyber security analyst, you must understand how to code, infiltrate code, and prevent infiltration. This is one of the most difficult aspects of cyber security.
How many days it will take to learn cyber security?
Yes, you can complete this free Introduction to Cyber Security course within 90 days.
Job Satisfaction: 71% of respondents in North America said they were satisfied in an ISC2 study with 36% saying they were very satisfied. A similar survey from PayScale found that the average cyber security engineer gave a job satisfaction of 3.83 out of 5. This is about 10% over the average of 51% among US workers.
Why do people leave cyber security?
It found that many IT security leaders are struggling to keep up with evolving threats and new cybersecurity practices, while also reporting issues around recruitment, retention and work-life balance that are prompting many to turn away from the industry.
Are cyber security employees happy?
Job satisfaction in the cybersecurity industry is extremely high, with 71% of people satisfied with their job and 36% of those “very satisfied.”
What are the 3 most common cyber-attacks?
The different types of cyber-attacks are malware attack, password attack, phishing attack, and SQL injection attack.
What are the 10 recommended tips for cyber security?
- Back up your data. ...
- Keep your devices and your apps up-to-date. ...
- Choose unique passwords. ...
- Turn on two-factor authentication. ...
- Be creative with the answers to your account recovery questions. ...
- Avoid sensitive transactions on free wifi. ...
- Install an antivirus and scan for viruses regularly.
- Misconfigured Software Settings. Misconfigured software settings could expose sensitive customer records. ...
- Social Engineering. ...
- Recycled Passwords. ...
- Physical Theft of Sensitive Devices. ...
- Software Vulnerabilities. ...
- Use of Default Passwords.
The 2022 index's top 10 list of cyber powers, in order, is the United States, China, Russia, United Kingdom, Australia, Netherlands, South Korea, Vietnam, France and Iran. While the United States has flagged North Korea's cyber activities as concerning, the country comes in at number 14 on the Belfer list.
Which country is the biggest cyber threat?
According to our study, Tajikistan is the least cyber-secure country in the world, followed by Bangladesh and China. Tajikistan had the highest percentage of users attacked by banking malware (4.7%), computers facing at least one local malware attack (41.16%), and attacks by cryptominers (5.7%).
What is the #1 threat to information security?
1. Insider threats. An insider threat occurs when individuals close to an organization who have authorized access to its network intentionally or unintentionally misuse that access to negatively affect the organization's critical data or systems.
What is the future of cyber security?
By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements. By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor's security service edge platform.
With AI being introduced in all market segments, this technology with a combination of machine learning has brought tremendous changes in cybersecurity. AI has been paramount in building automated security systems, natural language processing, face detection, and automatic threat detection.
What is the most important part of the cyber security system?
End-user protection is one of the most important aspects of cybersecurity. The easiest entry point is the end user, no matter how sophisticated the underlying infrastructure is. All software and hardware used by end users must be scanned for malicious threats at regular intervals.
What are some of the most important aspects of cybersecurity today?
- Application security.
- Information security.
- Disaster Recovery Planning.
- Network Security.
- End-user Security.
- Operational Security.
Cybersecurity is crucial because it safeguards all types of data against theft and loss. Sensitive data, protected health information (PHI), personally identifiable information (PII), intellectual property, personal information, data, and government and business information systems are all included.
What is the most important cybersecurity practice?
Protect access from remote devices
Ensure access management for any type of user. Securing access to your sensitive data from any location and device is critical. Remote workers, as well as employees using their own devices, play a more significant role in an organization's security today than ever before.
- Networking and System Administration. ...
- Knowledge of Operating Systems and Virtual Machines. ...
- Network Security Control. ...
- Coding. ...
- Cloud Security. ...
- Blockchain Security. ...
- The Internet of Things (IoT) ...
- Artificial Intelligence (AI)
Cyber security is the application of technologies, processes, and controls to protect systems, networks, programs, devices and data from cyber attacks. It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks, and technologies.
What is the primary purpose of cybersecurity?
According to the Cyber Security & Infrastructure Security Agency (CISA), "Cyber security is the art of protecting networks, devices and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity and availability of information."
What are the 5 reasons why cybersecurity is important now more than ever?
Here are the top 5 reasons:
- Increased exposure to attacks in organisations.
- Increased Cybersecurity threats faced by individuals.
- Cybercrime is expensive.
- Newer hacking methods.
- Hackers are Everywhere.
When we discuss data and information, we must consider the CIA triad. The CIA triad refers to an information security model made up of the three main components: confidentiality, integrity and availability.
Cyber security is important because it encompasses everything that relates to protecting our data from cyber attackers who want to steal this information and use it to cause harm.