Futurism Technologies. Yes, COVID-driven healthcare attacks saw a barrage of ransomware attacks against healthcare providers during the pandemic. The report uncovered some of the underlying yet major cyber-attacks posed to healthcare information and concluded that the industry is one of the prime targets for threat actors and malicious cyber groups looking to cause mayhem and achieve unethical gains.
In another study, IBM observed that an increasing number of attackers are targeting the global COVID-19 response institutions or healthcare delivery organizations (HDOs) including hospitals, pharmaceutical companies, medical supplies organizations, etc. affecting the COVID-19 relief supply chain and efforts worldwide.
This is just the tip of the iceberg as we see it, as there lies a streak of cyber menaces beneath the surface. This is the reason the rising costs of data breaches and the exploding number of cyber-attacks to healthcare providers and institutes is turning cybersecurity into a mission-critical priority for the healthcare industry.
Healthcare organizations have certain attributes that make them soft targets for the attackers. One of the key reasons often is the number of various systems/networks that are not patched regularly with recent security updates.
Here are five alarming reasons cybersecurity is more important than ever in the healthcare domain:
1. Cloud security
A recent report from Verizon found that a good number of healthcare providers relying on cloud storage and access to patient and clinical data via mobile devices will grow tenfold in size in coming years. This trend when combined with the rise in cyber breaches make securing health data more important than ever. More cybercriminals and hacking groups are poaching hospital data stacked on cloud servers since healthcare and medical records are worth a fortune on the black market than SSN data and credit card data today.
Security and compliance threats are two major concerns as healthcare providers continue to move huge volumes of confidential information to cloud storage. Not to forget the burden on IT crew of operating and managing gigantic IT workloads in the cloud.
According to McAfee, only 7% of cloud services that are in use meet enterprise compliance and security requirements. An average healthcare organization in the U.S. uploads around 6 TB of data to the cloud every month, more than Wikipedia’s archives which is 5.64 TB. In addition, only 15% of these cloud services support multi-factor authentication, which is a powerful line of defense to prevent unauthorized access to confidential data on cloud.
Only a handful of healthcare organizations tend to have a complete knowledge of what their IT folks are doing in the cloud, as they lack the required visibility into the activity of users. This is where the internal threat part comes in. A large number of healthcare organizations surveyed reported their employees as the top risks to cloud security.
2. Hacked IoT systems and devices
Medical device safety has been a hot topic in the healthcare landscape lately, since most of the connected medical devices are vulnerable to attacks. The core of this problem lies in the fact that several connected medical devices in use today were not designed keeping cybersecurity in mind. On the other hand, patching when possible often offers marginal level of protection to IoT devices.
According to a survey by Irdeto, more than 80% of healthcare providers experienced a cyber-attack targeted at their IoT devices. Operational downtime, compromised patient data and user safety were some of the major impacts of these attacks.
Vulnerable connected medical devices in the healthcare landscape will continue to be a threat until healthcare organizations embrace a powerful IoT security architecture.
According to Verizon, Ransomware continues to contribute to over 70% of all the malware incidents in the healthcare industry. Ransomware attacks will continue to haunt the healthcare domain until organizations fortify their people, processes and security strategy.
Hackers believe that their ransomware attempts are more likely to succeed since healthcare organizations and providers put human lives at risk if they cannot access patient records.
Healthcare organizations ought to identify their weaknesses, since the impact of a ransomware attach can be devastating. For instance, a ransomware attack on a hospital’s electronic health records (EHR) could land a healthcare provider in troubled waters leaving thousands of patients and healthcare personnel in distress.
4. Unsecured mobile devices
A sea of connected mobile devices will continue to be a huge challenge for healthcare security. As soon as a healthcare personnel go mobile, the threat landscape widens automatically, which is a major concern to any healthcare provider. Further, when it comes to BYOD policies for healthcare organizations, it is important to consider the security parameters when enabling employees’ access to different systems and records.
Configuration vulnerabilities and malicious network traffic were observed to be some of the popular entry points for hackers in the healthcare industry.
One of the most frequently speared attacks, phishing is a popular means for cybercriminals to gain unauthorized entry to a system. It could be used to install a ransomware, spyware, cryptomining scripts or to steal confidential patient data.
Healthcare is more vulnerable to phishing considering the data at hand. Unfortunately, most of the healthcare organizations tend to overlook the importance of security awareness training thus, making them hot targets for phishing attempts.
A recent HIMSS Cybersecurity Survey revealed that nearly 60% of hospital personnel and IT people in the USA reported email to the most common point of information compromise pointing at phishing scams and other email frauds.
The healthcare industry including healthcare providers, health insurance companies, pharmaceutical companies, medical devices manufacturers, etc. are hot favorites of cybercriminals and attackers for the huge volumes of sensitive and valuable data these institutes hold.
Many healthcare providers lack the necessary resources and skills to prevent these attacks. It’s time to ask for help and engage a managed security services provider with top-notch security expertise. With an MSSP, healthcare providers don’t have to purchase the new and many security products and don’t have to hire additional security skills, which are difficult to find. It’s really the only way to be protected.