It is what we should all be doing when we consider all of these cyber attacks.
In fact, a recent cyber attack called WannaCry has made the healthcare industry want to do just that: cry. So far, this cyber breach has rained havoc down on 16 healthcare industry businesses, affecting different medical practices to differing degrees.
The cost incurred by cyber crimes is rising quickly as more and more hackers focus on the cyber world – a place where so many healthcare providers store information.
A joint study conducted by Ponemon and IBM demonstrates that businesses in the healthcare industry are still being affected by cybercriminals, and the number of breaches is on the rise. In fact, the study, called “Data Breach Report,” indicates that there is a per-capita cost of about $380 for each file breach. So, if you’re in the healthcare industry, beware, take a deep breath, steady your nerves and read on.
Ransomware and other Malware
Malware is a new, raging and serious threat to all industries, but perhaps it creates the most damage in the healthcare industry. It is especially concerning because issues of life and death may be involved. Healthcare depends on an intricate set of interlocking reporting and services that communicate critical information to healthcare providers. That makes the data vulnerable to ransomware and other malware attacks.
After the WannaCry attack, hospitals were forced to deny admission of new patients and had treatment of existing patients interrupted because their records could not be accessed. With the increasing level of attacks, a ‘Wall of Shame’ listing healthcare data breaches in the U.S. shows 288 data breaches that affected nearly 4.7 million individuals, four times as many as in the previous year.
Phishing usually begins as an email assault on a specific website, causing unusual spikes in traffic which can cause the site to crash. Verizon reported that 66% of malware is initiated as an email attachment. Shockingly, a whopping 98% of healthcare industry providers are not taking steps to prevent this from happening by activating Domain-based Message Authentication, Reporting & Conformance (DMARC).
Threats from the inside, by patients and/or staff, are also a serious concern, whether accidental or intended. 75% of respondents in the 2017 HIMSS Cybersecurity Survey reported that insider threats seemed troubling, and the concern has caused some providers to improve their cybersecurity processes and set up protection programs.
Cloud Computing and Online Security
As more and more organizations migrate to the cloud, security threats will migrate with them. Healthcare’s use of cloud computing is projected to rise to 20.5% by 2020. Protecting data at rest and in transit requires robust encryption as well as other measures like second-factor authentication and complex passwords.
Attacks from the Internet
Internet-connected devices are growing in popularity, and their usage in the healthcare industry is important and has been shown to improve patient outcomes. A recent app called OpenAPS has optimized a data-driven insulin delivery system, and other Internet-enabled activity trackers are now improving cancer treatment, but they come with risks such as DDoS attacks that could disrupt treatment. Redundancy and the protection of personal data are also concerns as more hospitals become dependent on Internet systems.
The Healthcare Supply Chain, The Easiest Way In
A negligent supplier can let cybercriminals in the front door. The TRICARE breach, which exposed 4.6 million military patient records, happened that way. Regulatory frameworks, such as the HIPAA Omnibus Rule in the U.S., are being enacted to strengthen protections.
Secure authentication is the name of the game to minimize the problems of human-computer interaction. Passwords must be strengthened and changed often, and authentication must require a two-stage process.
Legacy apps holding you back
90% of hospitals run legacy applications to preserve patient data. This can open the door to the cybercriminal. The WannaCry attack infected machines that were running unpatched older versions of Windows such as XP and 7 by exploiting a vulnerability in the operating system. Penetration testing should be a first step to finding your vulnerabilities.
Security is everyone’s problem
In healthcare, security issues extend to all disciplines, suppliers, and even patients. The increased use of IoT devices makes this a cause for concern everywhere. A recent paper for the National Data Guardian, “Your Data: Better Security, Better Choice, Better Care,” recommends improving security across healthcare organizations, citing the issue of “people and processes” as being as much of a problem as technology.
Security is an issue of poor healthcare funding
Poor funding is a massive threat to security. Security and improvements in technology cost money for training and implementation, but they are as vital to everyone’s health as treatment is. If allowed, cybercriminals will disrupt services to everyone within a society.
Understandably, budgeting is an issue in the healthcare industry. However, cutting out or reducing expenses in cyber security is not the best answer. A cyber security attack is not a matter of “IF” but instead of “WHEN”. If the organization is not prepared with a cyber secure environment, the costs will be enormous. In this respect, cyber security is much like insurance: something that you must have.
If you would like more information, contact LP3. We will be glad to help you make an informed decision on cyber security for your business or organization.
Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.