Data security and proper training can help protect against cyberterrorism
According to Healthcare Facilities Today, the personal information of 1.5 billion people was leaked via third-party breaches from cyber-attacks in 2021. This trend continues a rapid increase in incidents against the healthcare industry since the beginning of the COVID-19 pandemic.
The sharp rise in cybercrime against the healthcare industry has reinforced the importance of securing confidential patient and business data. With the issue only expected to grow, practices and centers must understand how to properly secure and send confidential information and protect against network takeovers. Failure to do so can lead to the loss of financial and physical resources.
Naomi Diaz of Becker’s Hospital Review stated in a Jan. 2022 article that over 50 percent of internet-connected devices in hospitals are vulnerable to cyber-attack. This disturbing figure holds true for ASCs and private practices as well.
“Cyber security is a very specialized IT (Information Technology) service,” Jeff Keator, a Senior Manager of Security Solution Architecture at Verizon, said. “Think of me as a cyber-criminal. If I can get access to systems, at a hospital for example, I can disable internet connected devices, change the temperature in a location where blood is stored, or crank up the heat in an office until I get what I want, such as a ransom. If I can get access to personal or medical information, I can sell it for profit online or use it to commit fraud. These are all very real threats in the healthcare vertical.”
Surprisingly, attacks from outside sources are not the biggest threat to healthcare provider data. According to Verizon’s 2021 Data Breach Investigations Report (DBIR), the most common cause of incidents was simple misdelivery (36 percent of incidents), either in person or electronically. PE GI Solutions Vice President of Information Technology John Westby explained that security goes beyond typical software.
“Healthcare providers must make the right investments in their overall information security practices, not just the technology elements such as anti-malware and security monitoring solutions,” Westby said. “Having the right security policies in place, aligned with the requirements of the HIPAA Security Rule, including the appropriate procedures to train their employees in the protection of ePHI (electronic protected health information), is equally important as having the right technology safeguards.”
Outside of internal errors, external threat actors accounted for 63 percent of total incidents, according to Verizon. These attacks come in a variety of forms, the most common being ransomware. McAfee describes ransomware as follows:
“Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom payment is then demanded to restore access. Ransomware is often designed to spread across a network and target database and file servers and can thus quickly paralyze an entire organization. It is a growing threat, generating billions of dollars in payments to cybercriminals and inflicting significant damage and expenses for businesses and governmental organizations.”
Westby adds that a ransomware attack on a healthcare provider can bring all aspects of patient care to a halt.
“Every provider now is either mostly or entirely dependent on technology to operate their business in a sustainable manner given technology’s role in enabling patient visit and procedure volume, and the growing use of technology to identify and treat disease,” Westby said. “Ransomware by its nature is intended not just to be inconvenient, but to completely disable business operations – it is no longer just a threat to the extraction of patient data, but a fundamental threat to preventing healthcare providers in providing patient care.”
While data security is of high concern, many are unsure how best to secure their networks, including internet-connected devices and patient medical and personal information, from outside threats.
“Cyber terrorism is a rapidly accelerating problem at a global level, and increasingly cyber terrorists are targeting industries that are core to how we live our lives,” Westby said. “The defense industry, the electric grid, our telecommunications infrastructure, and the healthcare industry are top targets in this regard. It is no longer optional to have a well thought out and managed IT and Information Security program as a healthcare provider, regardless of size.”