What Cybersecurity threats do hospitals face?

There has been no lack of data breaches across industries over the last few years.1 Hospital security is no different, which is a major concern since patient information is among some of the most private data that an organization can collect.

Cybersecurity and hospitals has become a hot-button topic in the Internet Technology space, and companies are taking it seriously, for good reason. After all, NBC reports, of the 791 cyber breaches that took place in the first half of 2017, healthcare accounted for 30.7 percent of the total.2

The healthcare industry plans to spend $65 billion on improvements over the next five years, according to CSO.3 The cybersecurity site also listed several of the biggest breaches of 2017. One example was Molina Healthcare,4 a Medicaid insurer, where a breach released the health records of 4.8 million patients in 12 states. SSM Health also experienced a breach when a former employee broke into the records of 29,000 people.5

 

What threats face cybersecurity and hospitals?

John Nye, CynergisTek's senior director of Cybersecurity Research and Communication outlined the main ways that hackers are getting into hospital systems.6

The biggest culprit, Nye said, is ransomware. In 2016, there was reportedly a 250 percent increase in ransomware attacks. The data for ransomware attacks in 2017 and 2018 is expected to be worse. These attacks are becoming more complex, harder to thwart and can paralyze an organization's system until the hacker retrieves the sensitive data they seek, either selling it to other parties or demanding a reward to give the information back.6

Unfortunately, healthcare facilities' IT operations have difficulty keeping up with hospital security threats, says Nye. The increasing volume and complexity of breaches, as well as lack of proper staffing contribute to this deficit. Mobile-devices pose a big cybersecurity threat, as nearly anyone has the ability to break into an internal Internet system using on-site handheld technology, according to Nye.6

Nearly everything in a hospital is connected to a network, from security cameras and CT scanners to patient monitors. A breach could prove disastrous and compromise a patient's medical care beyond just invading their privacy.6

Prevention of hospital data breaches

Healthcare has a long way to go in preventing and dealing with cyber threats, but the situation can improve. When it comes to combating ransomware and malware, U.K-based research firm ITProPortal has several suggestions.7

Healthcare facilities should invest in AI applications that can prevent these threats more effectively than traditional IT-department techniques. Facilities should also diligently update their patching software and anti-virus computer software. Devices, like MRI scanners and patient-monitoring systems, need constant backup, as they are major breach targets. Many hospitals are now testing new anti-hacking protocols being developed by several firms. Companies need to also make sure data is regularly backed up and stored in facilities off-site in case hackers break through, since it is impossible to simply stop all the innovative new threats being constantly developed.7

Merlin International & Poneman Institute Cybersecurity released a study that reported that 52 percent of organizations credit their problems to insufficient employee training, and 74 percent admitted that there is an overall lack of employee staffing to attack the issue.8 There needs to be regular training sessions to make employees aware of these threats. Staff needs to be beefed up and better educated on the seriousness of the breaches and how to avoid inflicting further damage.

Investing in cybersecurity is a smart move; it could save a hospital from spending millions of dollars recovering priceless patient data.

1.Kleczynski, Marcin. 2018. "A Look At The Five Biggest Cyberthreats of 2018." Forbes. Jan. 2, 2018. https://www.forbes.com/sites/forbestechcouncil/2018/01/02/a-look-at-the-five-biggest-future-cyberthreats-of-2018/
2. Wisbaum, Herb. 2017. "Data Breaches Happening at Record Pace, Report Finds." NBC News. July 24, 2017. https://www.nbcnews.com/business/consumer/data-breaches-happening-record-pace-report-finds-n785881
3. Morgan, Steven. 2018. "Why healthcare cybersecurity spending will exceed $65B over the next 5 years." CSO. Feb. 2, 2018. https://www.csoonline.com/article/3252343/cyber-attacks-espionage/why-healthcare-cybersecurity-spending-will-exceed-65b-over-the-next-5-years.html
4. Davis, Jessica. 2017. "Molina Healthcare Breached, exposed patient data for over a month." HealthcareITNews. May, 30 2017. https://www.healthcareitnews.com/news/molina-healthcare-breached-exposed-patient-data-over-month
5. Leonard, Mary Delach. 2018. "SSM Health warns 29,000 patients about breach of medical records at its call center." St. Louis Public Radio. Jan. 2, 2018. http://news.stlpublicradio.org/post/ssm-health-warns-29000-patients-about-breach-medical-records-its-call-center#stream/0
6. Nye, John. 2018. "The Top Four Healthcare Cybersecurity Trends for 2018." CynergisTek. Jan. 24, 2018. https://cynergistek.com/blog/top-four-healthcare-cybersecurity-trends/
7. Trossell, David. 2018. "Cyber-Security: How hospitals can prevent ransomware." ITProPortal. March 29, 2018. https://www.itproportal.com/features/cyber-security-how-hospitals-can-prevent-ransomware/
8. Merlin International. 2018. "Merlin International & Ponemon Institute Cybersecurity Study Signals Dangerous Diagnosis for Healthcare Industry." Business Wire. March 12, 2018. https://www.businesswire.com/news/home/20180312005302/en/Merlin-International-Ponemon-Institute-Cybersecurity-Study-Signals