In 2018, the healthcare industry in the United States faced cyber-attacks. This highlights the need for a more targeted approach to protect patient and institutional information. Unfortunately, compared to other industries, most healthcare organizations do not invest enough in cybersecurity and spend only about half as much. This is concerning because phishing attacks and breaches of patient databases can have severe consequences, even risking lives.
According to experts, healthcare is an ideal target for cybercrime due to two main factors: the abundance of valuable data it holds and its weak defense systems. These cyber-attacks can involve theft of health information, ransomware attacks targeting hospitals, and even attacks on implanted medical devices. Such breaches have severe consequences: they erode patient trust, disrupt health systems, and pose a threat to human lives. Therefore, healthcare providers and institutions must urgently prioritize and enhance their cybersecurity measures.
Healthcare networks encompass more than just inpatient facilities and clinical departments. They also include telemedicine practices, rural healthcare providers and patients, internet medical device monitoring, and multi-cloud environments. The use of social media, mobile devices, the Internet of Things, and cloud computing has introduced numerous access points in today’s technological landscape. However, the strength of security measures varies greatly. It is important to note that high-value assets such as financial assets and medical identity can be easily exploited by aggregating available data sources about an individual.
Interestingly, most cyber-attacks targeting healthcare institutions are motivated by minimal financial gain and generally do not involve a desire for revenge against a specific corporation or individual. The primary driving force behind cybercrime in the healthcare sector is the value attached to the stolen personal data. As stated in the 2015 Ponemon report on healthcare data security [3], the average cost of a data breach for a healthcare organization is estimated to exceed $2.1 million, with criminal attacks being the leading cause of such breaches and experiencing a 125 percent increase compared to five years ago. Depending on the type and completeness of the obtained patient data, the profit from each stolen dataset could easily reach thousands of US dollars. “Stolen medical identities can be utilized for various purposes, ranging from an individual’s relative seeking insurance coverage to large-scale deception and fraud orchestrated by organized criminal groups.” [2]
A software supply-chain attack can compromise an organization within minutes, but it may take weeks or months to detect and address the breach. This poses a major threat to healthcare institutions that rely on third-party services and vendors. These attacks can occur through redirecting traffic, compromising vendor software, or targeting hosting services. In addition, cybercrime threats such as malware, ransomware, phishing attacks, cloud risks, illusion websites, and employee compliance are also prevalent.
Malware can be used by attackers to harm or render servers, devices, and networks inoperable. Ransomware, a type of malware, usually involves demanding payment in return for claiming to restore affected systems.
Phishing attacks involve the sending of numerous emails to an institution, using addresses that appear to be from a trusted source. The intention is to deceive recipients into sharing sensitive information such as login credentials and user data, with the aim of compromising the targeted system or account.
The improper encryption of healthcare organizations’ networks has made cloud systems a popular storage source for institutions and organizations, including for protected health information (PHI) data.
The rise of clever illusion websites is causing worry, as these sites closely mimic trusted ones and users can easily mistake them for the genuine site at a cursory look. Consequently, users may unwittingly share access or input sensitive data such as PHI, credit card numbers, or social security numbers.
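One way a mail or web gateway can flag illusion websites before a user ever sees them is to compare each requested domain against the organization's own trusted names. The sketch below is an added example, not part of the original article; the trusted domains, the confusables map and the distance threshold are assumptions chosen for illustration.

```python
import unicodedata

# Hypothetical allow-list; replace with the organization's real portal domains.
TRUSTED = ["examplehealth.org", "portal.examplehealth.org"]
# Small illustrative confusables map (digits and Cyrillic look-alikes), not exhaustive.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def skeleton(domain):
    """Fold a domain to the form a hurried reader would perceive."""
    d = unicodedata.normalize("NFKC", domain.lower().rstrip("."))
    return d.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched trusted name or None) for one domain."""
    d = domain.lower().rstrip(".")
    # Assumption: exact matches and subdomains of trusted names are legitimate.
    if any(d == t or d.endswith("." + t) for t in trusted):
        return ("trusted", d)
    for t in trusted:
        # Trusted name used as leading labels of some other domain.
        if (t + ".") in d:
            return ("embeds_trusted_name", t)
    for t in trusted:
        if skeleton(d) == skeleton(t):
            return ("lookalike_homoglyph", t)
    for t in trusted:
        if edit_distance(skeleton(d), skeleton(t)) <= max_distance:
            return ("lookalike_typo", t)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample domains.
    for name in ["portal.examplehealth.org", "examp1ehealth.org",
                 "examplehaelth.org", "examplehealth.org.login-check.example"]:
        print(name, classify(name))
```

A verdict other than "trusted" or "unknown" is a reason to block or warn before the user reaches a login or payment form.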
Employee error is an overlooked yet significant risk factor. The operator, typically the weakest link in any computer system, can make a healthcare organization susceptible to cybercrime through the use of unencrypted devices, generic or weak login credentials, and failure to comply with other security measures.
With the convenience and popularity of telemedicine, along with advancing medical technology, most implanted medical devices can now be easily monitored and adjusted, and have their data recorded, over an internet connection. However, just like other computer systems and servers, medical devices are also susceptible to breach risk and vulnerabilities. To ensure the total safety of patients, it is highly recommended that device manufacturers and the healthcare providers and institutions that implement these devices incorporate additional security measures.
Because of their technology-driven and complex nature, healthcare organizations face challenges when it comes to enhancing cybersecurity. Internal politics and regulatory pressures also contribute to these difficulties. HealthIT.gov provides recommendations for improving cybersecurity, including fostering a strong security culture, protecting mobile devices, practicing good computer habits, implementing a firewall and antivirus software, planning for unforeseen events, controlling access to Protected Health Information (PHI), limiting network access, and managing physical access. However, it is important to acknowledge that not all healthcare institutions can benefit from a standardized approach. Instead, security measures should be customized based on the institution’s specific technology usage, critical aspects of patient care, and organizational requirements.
Given the complexity of modern healthcare networks, it is common for protected health information (PHI) to be shared both within and outside of different multidisciplinary teams and servers. Because of this, organizations need to have a clear view of all users and utilize cloud-based storage to effectively monitor threats, ensure compliance, and respond to network changes as a cohesive system.
Despite lagging in monetary investments towards cybersecurity, the healthcare industry is slightly ahead in encrypting communication from devices. This practice protects the PHI data circulating within a network but raises the necessity of scrutinizing both inbound and outbound encrypted data. This is crucial to detect hidden malware or disguised stolen data extracted from the network. Periodically tracking and referencing an inventory of all IoMT (Internet of Medical Things) devices can aid in identifying any vulnerabilities.
Firewalls are a common cybersecurity technique employed by organizations to safeguard their IT systems. They come in various forms, depending on whether they are utilized for internal or external network processes. Most organizations utilize three types of firewalls: packet filtering, state inspection, and application level gateway.
Packet filtering firewalls are considered standard and function as internal filters to protect the security of electronic health records (EHRs). State inspection firewalls are used to verify the correlation of incoming electronic feeds with previously filtered feeds. Application level gateways serve as gatekeepers for the organization’s network by scanning IP web pages for threats before forwarding them to end users. The gateway is accessed for external network connections in order to prevent intrusion into the organization’s intranet.
With the growing reliance on Internet of Medical Things (IoMT) devices to perform work tasks, organizations should consider enhancing network segmentation. One way to achieve this is by adopting a segmented-strategy approach, which involves the use of a Next Generation Firewall (NGFW). NGFWs combine traditional firewall functionalities with advanced network device sorting capabilities. They not only manage segmented users and data, but also monitor traffic across the network and different domains. By implementing an NGFW, healthcare organizations can gain oversight of various aspects of their network, such as users, applications, and data, leading to better regulation.
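The IoMT inventory and the segmentation policy described above can be checked against observed traffic in a few lines. The following is an added example, not taken from the original article; the segment ranges, allowed flows, device records and flow tuples are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: segments, policy, inventory and flows are illustrative.
SEGMENTS = {
    "iomt": ipaddress.ip_network("10.20.0.0/24"),
    "ehr": ipaddress.ip_network("10.30.0.0/24"),
    "clinical_ws": ipaddress.ip_network("10.40.0.0/24"),
}
# Allowed (source segment, destination segment, destination port) tuples.
ALLOWED = {
    ("iomt", "ehr", 443),
    ("clinical_ws", "ehr", 443),
    ("clinical_ws", "iomt", 443),
}
INVENTORY = {  # MAC address -> device record
    "00:1a:2b:00:00:01": {"name": "infusion-pump-01", "ip": "10.20.0.11"},
    "00:1a:2b:00:00:02": {"name": "patient-monitor-07", "ip": "10.20.0.12"},
}
OBSERVED_FLOWS = [  # (src_mac, src_ip, dst_ip, dst_port)
    ("00:1a:2b:00:00:01", "10.20.0.11", "10.30.0.5", 443),
    ("00:1a:2b:00:00:02", "10.20.0.12", "203.0.113.9", 8443),
    ("00:1a:2b:00:00:99", "10.20.0.50", "10.30.0.5", 443),
    ("00:1a:2b:00:00:01", "10.40.0.8", "10.30.0.5", 443),
]

def segment_of(ip):
    """Map an IP address to its segment name, or 'external' if none matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def audit(flows, inventory=INVENTORY, allowed=ALLOWED):
    """Return findings for devices missing from the inventory, devices seen
    at an unexpected address, and flows the segmentation policy forbids."""
    findings = []
    for mac, src, dst, port in flows:
        record = inventory.get(mac)
        if record is None:
            findings.append(("unknown_device", mac, src))
            continue
        if record["ip"] != src:
            findings.append(("ip_mismatch", mac, src))
        if (segment_of(src), segment_of(dst), port) not in allowed:
            findings.append(("policy_violation", mac, f"{dst}:{port}"))
    return findings

if __name__ == "__main__":
    for finding in audit(OBSERVED_FLOWS):
        print(finding)
```

In practice the flow tuples would come from firewall or NetFlow logs, and each finding would be triaged against the device inventory before any blocking rule is changed.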
Healthcare organizations have not invested enough money and time in adequate training to recognize threats, address vulnerabilities, and stop security breaches. By emphasizing safe computer practices and providing ongoing cybersecurity education, healthcare organizations can reinforce the idea that every employee is accountable for protecting patient data. Having a well-defined cybersecurity protocol would benefit both network users and the organization as a whole by establishing a clear chain of command during a cyber-attack.
The healthcare industry has been lagging behind other industries in terms of cybersecurity progress. Furthermore, it has failed to adequately protect existing stakeholders due to ineffective system protection. In order to address this issue, healthcare organizations must take appropriate actions to enhance security measures. It is crucial to continuously align cybersecurity efforts with the constantly evolving advancements in cybercriminal capabilities.