Rahul Tyagi, Co-Founder, Lucideus, highlights the huge threat that cyberattacks pose to healthcare institutions and recommends implementing a thorough strategy to institute checks and policies at various points of the network and quickly identify security threats.
Globally, there is a catastrophe of cyberattacks, leaving industries devastated and consumers crippled, particularly in the case of the healthcare industry, which has been facing a torrential rain of cyberattacks.
Multiple reports show a steady increase in destructive, sophisticated cyberattacks such as ransomware in the healthcare sector. According to the University of Maryland, a cyberattack occurs every 39 seconds, and more than 31 million patient records have already been breached in the first half of 2019. This year has already seen twice the number of breached records as 2018’s total of 15 million, according to a new report from Protenus, and there are still a few months to go.
Unlike in any other industry, a hack in the healthcare industry is when cybersecurity becomes a life-or-death situation for a consumer.
The sensitive nature of the information, coupled with ‘a resource-rich environment’ created by what healthcare providers store (family history, medical history, financial information), makes healthcare a favoured industry for hackers.
The healthcare industry is facing two major technology challenges as we speak: upgrading its old technology and adopting new and emerging technologies. For example, multiple hospitals are still using legacy systems in some parts of their network, leading to the possibility of a breach or a software failure in medical devices such as MRI and X-ray machines. Medical devices are one tool that can directly put patients at risk, with the potential for patient illness, injury or death.
Today, hackers target medical and IoT devices that provide, transmit and access confidential data because they can exploit the fact that most manufacturers did not consider security when designing these devices. In fact, in 2017 the FDA recalled 465,000 pacemakers (which help control your heartbeat) due to security vulnerabilities that were discovered. All of this increases vulnerability to ransomware, and most healthcare providers are forced into paying to get their data back, considering its sensitivity.
With its reliance on technology and its wealth of data, the healthcare industry is increasingly a target of cybercrime.
Not long ago, the WannaCry attack in 2017 disabled the healthcare industry and led to the closing of several emergency rooms, forcing doctors to turn away those in dire need of treatment, and the world took notice. India too has faced its share of data breaches, the most prominent being the breach of a Maharashtra-based diagnostic lab, in which the records of 35,000 patients were compromised. The results of a breach for everyone involved in the healthcare industry can range from annoying to catastrophic. If a hospital gets disrupted by a cyber incident, it’s the same as if it was disrupted by a tornado.
If you think about what’s at stake, the scenarios are chilling. An attacker can alter drug dosages, a potentially life-threatening scenario for a patient. For example, hackers can access the blood work records of patients, which, in theory, can be switched to yield an improper treatment. Imagine hackers attempting to log into MRI and defibrillator machines: if they are successful, it could mean reprogramming the defibrillators to deliver deadly jolts of electricity to a patient’s heart.
What will it take for healthcare providers to be SAFE from cyberattacks?
Healthcare businesses need to move on from traditional security software such as antivirus and deploy sophisticated security solutions. It is important for organisations to step up in this dynamic world of IT threats.
For example, network-related threats are increasing significantly in the healthcare industry. To mitigate this, a thought-through strategy on cybersecurity will enable organisations to institute checks and policies at various points of the network to control users, applications and data flow and to more quickly identify and isolate security threats. And on the network visibility front, healthcare organisations need more insight throughout the network, including the cloud.
To conclude, hospitals and other healthcare providers must practice better cybersecurity hygiene. For starters, it is extremely important to quantify the organisation’s entire risk and to continuously assess and monitor the cyber-health of the organisation. For example, the speed and thoroughness of software patching and of identifying loopholes are significantly low in the healthcare industry. In such scenarios, an easy-to-understand, real-time dashboard that scores the organisation’s cyber-health from 0-5 and continuously identifies the security loopholes is crucial.
The future of the healthcare industry will be a CIO, CISO and the CEO of the organisation having the same source of truth about their cybersecurity risk posture!