3 Cybersecurity Issues Rocking Healthcare & How to Defend Your Organization
In healthcare, you brace for hackers the same way you prepare for ants at a picnic. Invited or not, they’ll make an appearance. However, much of the industry is ill-prepared to keep these destructive pests at bay. A Black Book Market Research survey at the beginning of 2022 found that only 22% of IT managers in the healthcare sector believe their organization is earmarking enough funds to protect their data and systems. And without ample budget or resources, cyberthreats can turn into a damaging reality.
How do you thwart cyberattacks before they happen with the clear constraints mentioned above? You narrow down the possibilities. Like a game of Clue, most of what you need to know about a major cyberthreat can be answered with three questions: who is does it, what attack method did they use, and where did the breach take place?
The culprits and motives are countless. Nation-state threat actors, cybercriminal gangs, or malicious lone wolves all have different reasons for compromising your systems or exfiltrating your PHI. Fortunately, trying to prepare for the who isn’t as important as anticipating the tactics themselves and blocking their effectiveness. With that in mind, here are some clear cybersecurity issues in healthcare that your organization can guard against now.
1.) Phishing Is Still Big
Human error and gullibility are a hacker’s dream. Phishing attacks have been used since the early ‘90s because they work, tapping into people’s emotions or playing with our trust by using social engineering to lower our defenses. During times of uncertainty or confusion, these types of scams jump in success.
In 2020, phishing emails jumped 220% and there was even a pervasive campaign to spoof communications from the World Health Organization, stealing information with phony COVID-related domains. Even though email clients have upgraded their filters, they still have limitations. In California, one major hospital found missed a massive spike in malicious files over the course of one week, accounting for a 700% increase compared to the week before.
One way healthcare organizations are blocking these types of tactics is by using multilayer anti-phishing tools. The advantage is that most of these leading-edge solutions are designed to remove human error from the equation. They automate email analysis, use AI to identify commonalities across phishing behavior and bad cyber-hygiene, and can quarantine fish communications until they’ve been verified. Plus, they integrate well with the primary email clients on the market. Your organization just needs to find one that fits your budget and industry.
Losing access to systems or databases is a next-level nightmare. Hackers know this, targeting the healthcare sector because of how vital their services and solutions (especially healthcare providers) are to the wellbeing of the general public. Since healthcare leaders are more likely to pay ransoms to save lives (Sophos finds 61% of organizations meet the demands), cybercriminals see the sector as a soft target. The consequences are lost capital, HIPAA violations, and an invitation to attack again.
This cyberthreat is only escalating. According to the FBI, 25% of the ransomware attacks this year have been targeted at care facilities, exacerbating the damage done the year before when the healthcare and public health sector reported the most ransomware attacks of any critical industry. In fact, the ransomware group Daixin Team has been targeting healthcare organizations with the intent of exfiltrating PII and PHI, releasing that stolen data onto the black market if the ransom is not paid.
Fortunately, there’s hope for healthcare facilities to avoid extortion. One is in the form of a group of volunteer tech professionals who are running counterattacks against the hackers themselves, recovering the decryption key and sharing them with victims, saving them millions of dollars. However, waiting for someone on the outside to rescue your organization isn’t enough.
Creating layers of security protocols and solutions while using a zero-trust security framework can make it harder for hackers to compromise core systems. Additionally, there’s an opportunity for healthcare organizations to rethink their business continuity strategies. A weekly or daily failsafe should be replaced by near-continuous backup solutions coupled with an air-gapped solution that cannot be compromised when online backups are attacked. Otherwise, there’s a major risk of data loss when you need to reboot your systems.
3.) Insecure Data Sharing
Everything from maintaining patient care across visits and improving care regimens with wearable biometrics to accelerating reimbursement for approved procedures all rely on the streamlined exchange of data between organizations. Often, this level of exchange is a weak point in cybersecurity.
The APIs used for transferring information also offer hackers another attack vector. If the attacker can compromise the provider and obtain API keys through compromised passwords, zero day vulnerabilities, or phishing scams, it can lead to a domino effect across systems.
No matter the attack strategy, the increased efficiency and care outcomes of secure data interoperability are worth the risk—with some precautions taken. Here’s one example: Send Mammogram, a cloud-sharing platform for mammography, addresses the shortcoming in accessible and traceable breast imaging data while prioritizing HIPAA and HITRUST regulations. By making their security partnership a central part of their service offering, they fill a vital gap and maintain data privacy as well.
Regulatory enhancements are another major part of the response. The Centers for Medicare & Medicaid Services’ interoperability rules and Fast Healthcare Interoperability Resources standard enforcement are accelerating the industry. Add the HL7 standards for exchanging and formatting data and there’s a much clearer framework for healthcare organizations to enhance their data security.
How to Mitigate Emerging Cybersecurity Issues
If you’re following the models set by these businesses or tapping into cybersecurity best practices to overcome phishing campaigns, ransomware attacks, and general data insecurity, that’s just the start. The Internet of Things presents hackers with opportunities to hijack everything from devices to entire systems, and there’s always a new spin on an old strategy.
As a result, organizations need to find ways to extend their cybersecurity capabilities. Whether by hiring cybersecurity professionals or working with outside partners to set up secure systems or protocols, you have a chance to maximize their efforts. That way, you don’t have to play the same game as hackers—and you can still deliver the best care outcomes.
Want to prepare your organization to overcome the top cybersecurity issues in healthcare? Stay connected to the iSphere team for the latest news on how businesses across industries are protecting their assets, profits, and reputation from hackers.
Data Governance in Healthcare: Where the Industry Needs to Improve
Should the Energy Industry Prepare for Cyber-Attacks on the Power Grid? Signs Point to Yes
4 IT Recruitment Challenges That Are Getting Worse in 2022