The healthcare industry is a veritable honeypot for cybercrime, replete with vast amounts of sensitive digital information that expands in number and scope daily, including personal medical data and payment card details. This data is increasingly attractive to hackers, particularly those using ransomware to lock out organizations and hold onto sensitive information until the organization pays up.
The healthcare industry has always been an appealing target for cybercriminals. From high-value patient data to a low tolerance for downtime that could disrupt patient care, cybercriminals continue to find ways to take advantage of healthcare cybersecurity practices. In recent years, the healthcare industry has seen a 55% increase in cybersecurity threats, turning attacks on healthcare providers into a $13.2 billion industry and making it a gold mine for cybercriminals.
Connected devices offer healthcare providers ways to remotely monitor patient health. Additionally, hospitals use these devices for enhanced patient care, including medication delivery and vitals monitoring. However, malicious actors often use unsecured IoMT as part of their attack methodologies.
Most ransomware groups operating in the RaaS (Ransomware-as-a-Service) model have an internal code of ethics that includes avoiding breaching some specific sectors, such as hospitals or critical infrastructure, thus avoiding great harm to society and consequently drawing less attention from law enforcement.
HIPAA compliance law, the Health Insurance Portability and Accountability Act in long form, is one of the compliance standards the public and private healthcare companies need to address for building and maintaining public trust in telemedicine. During the COVID-19 pandemic, telemedicine has been the solution to withstand the excess influx to hospitals and health centers, avoiding unnecessary exposure of patients.
Healthcare organizations still seem to think that blocking all access to unapproved cloud storage or cloud collaboration tools means that they’re preventing leakage of sensitive information. But as the old saying goes, “Data flows like water.” Eventually, it’s going to find the holes and escape. Even if a healthcare IT system has water-tight data controls, that’s not the only goal within the organization—and not even the most important one.
The number of cybersecurity incidents reported within the healthcare industry has been steadily increasing since 2015 as the use of IoMT has become more widespread. With increasing numbers of IoMT devices being used for patient care, the attack surface among hospitals and doctors’ offices has grown dramatically as medical technology continues to expand.
COVID-19 has severely tested the limits of our healthcare systems, pushing many hospitals to the brink of manpower and technological collapse. In fact, the pandemic has demonstrated just how quickly public health can unravel once healthcare systems reach their maximum capacity. These pressures have hastened the development of telemedicine, pushing the once-distant goal to the centre of the agenda for healthcare institutions across the globe.
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the legacy between the healthcare industry and cyberattacks, the vulnerable points in the healthcare system, and how risks can be mitigated. Did you know that for 10th year in a row, the healthcare industry has seen the highest impact from cyberattacks of any industry?
