Cybersecurity in Healthcare

Blog Image

Did you know that healthcare cyber attacks rose by 55% in 2020, affecting around 26 million in the US? It is not surprising at all to see this fact as health records are now a precious commodity. As telemedicine becomes more popular, healthcare cyber attacks continue to rise.

Cybersecurity in healthcare deals with protecting electronic assets and information from unauthorized access, use, and disclosure. It has three goals known as the CIA triad: safeguarding confidentiality, integrity, and data availability.


Cybersecurity and patient safety initiative alignment will help the organization protect patient safety and privacy and ensure effective high-quality healthcare delivery. Learn more about why there is an increase in healthcare cyberattacks, cybersecurity challenges, and ways to prevent cyberattacks by reading further.

Why There is a Rise in Healthcare Cyber Attacks

Poor handling of the digitization of patients’ records and transfers to cloud services and too old legacy tools that cannot keep up with the cybersecurity needs are factors in the rise of healthcare cyberattacks.

On top of these, healthcare organizations’ possession of high monetary and intelligence value made them vulnerable to cyberattacks. Some of the data targeted by cyber thieves include:

  • 1. Patient’s protected health information (PHI)
  • 2. Financial information (ex. credit cards and bank account numbers)
  • 3. Personally identifying information (ex. Social Security numbers)
  • 4. Intellectual property related to medical research and innovation

On the dark web, stolen health records cost ten times more than stolen credit card numbers. The sad news here, health care organizations pay thrice as much as other industries pay to remediate a breach in health care. It amounts to $408 per stolen health care record versus $148 per stolen non-health record.

Cybersecurity Challenges Confronting Healthcare Organizations

You may encounter several challenges as you secure health care delivery networks. These challenges include running legacy operating systems in multiple devices, lack of segmentation, and application of insecure protocols.

Here are some of the cybersecurity challenges confronting healthcare delivery organizations:

1. Windows Operating System Versions

There is already a reduction in the percentage of devices whose operating systems are just supported through the paid ESU program from 71% to 32% from 2019 to 2020.

Unfortunately, there are still devices running fully unsupported Windows versions like Windows XP and Windows Server 2003 are still at 0.4%.

The small percentage of devices tend to be the most critical in HDO as it creates vulnerabilities. Trends also say that legacy problems may persist in the future.

2. Number of Network Segments

Network segmentation is crucial in limiting surface attacks in healthcare networks. Statistics say that 60% of all the Virtual Local Area Networks (VLANs) have other non-healthcare IoT devices in the same segment. Because of this network segment, a vulnerable device might jeopardize a more sensitive one.

3. Default Passwords

Healthcare equipment like Patient Monitors and CT Scanners have default credentials together with other IT and IoT equipment. These devices serve as the weak links in the network for cyberattacks.

4. External Communications

Exchange of medical information in clear text between public and private IP addresses allows possible leak of sensitive patient information.

Moreover, medical devices communicating over IT protocols with external servers reachable outside the HDO’s perimeter are opening up a potential entry point for an attacker.

5. Insecure Protocols

Insecure protocols allow cyber attackers to access data and even remote controls easily. A cryptographic protocol like the Transport Layer Security (TLS) secures networks of higher-level protocols such as HTTPS. Although the older versions of these, regarded as insecure, some HDOs still use them.

For healthcare delivery organizations, it is necessary to consider these challenges. Addressing these would minimize the probability of a cyber attack happening.

How to Prevent Cyber Attacks in Healthcare

To prevent the occurrence of cyberattacks, healthcare delivery organizations must take some precautions. It includes risk assessment and security controls.

Risk Assessment

The foundation of every program in cybersecurity healthcare lies in the risk assessment. Assessment of risk needs must take place before taking any action to help to manage the risk. It should happen regularly and at least once a year. Moreover, risk gauging must consider:

  • 1. Probability of occurrence
  • 2. Impact on the organization
  • 3. Risk prioritization
Security Controls

With the rumored hefty price of Apple’s VR headset, there is so much to expect from it. From its lightweight design down to its 3D finger modeling and in-air gesture recognition. Indeed, these mentioned specifications above were just mere leaks and rumors as of the moment. Nothing yet is sure about N031.Security controls in healthcare organizations help in ensuring that there is a defense- in-depth. It means that if ever a control fails, another one will catch its place.

For instance, you can prevent a virus entry with the help of the anti-virus program if it happens to cross the organization’s firewall.

Here are some of the basic security controls:

  • Anti-virus
  • Backup and restoration of files/data
  • Data loss prevention
  • Email gateway
  • Encryption at rest
  • Encryption for archived files/data
  • Encryption in transit
  • Firewall
  • Incident response plan
  • Intrusion detection and prevention system
  • Mobile device management
  • Policies and procedures
  • Secure disposal
  • Security awareness training
  • Vulnerability management program/patch management program
  • Web gateway
  • Conclusion

    Cybersecurity in healthcare is vital in protecting electronic assets and information from cyberattacks. Healthcare organizations may prevent cyberattacks through the administration of risk assessment and having security controls. Such measures are enough to avert costly remediation of breaches.

    Sources:

      Do you want to become an inspiring thought leader?
      Contact Us Today