The world of healthcare is evolving.
Telehealth is now an integral part of patient care, with usage increasing 38-fold during the first year of the COVID-19 pandemic alone1; patient data is more voluminous and detailed than ever before, with RBC Capital Market projecting compound annual growth rate of data for healthcare to reach 36% by 20252; and the digital revolution in healthcare continues uncontested, as Statista expects the digital health market to grow in value by 375% from 2019 to 20253.
As this transformation takes place, it’s important for healthcare organizations to adapt to their new systems and process. One key aspect of this is cybersecurity.
What is cybersecurity?
Cybersecurity, also referred to as information technology security, is the practice of protecting computer systems, networks, and sensitive information from attacks. Cybersecurity measures are designed to combat threats and cyberattacks originating both inside and outside of an organization.
How likely is a cyberattack?
Depending on your knowledge of healthcare cybersecurity, it could be much more likely than you think.
In 2020, for the fifth straight year, the number of hacking incidents reported in healthcare rose, increasing 42% on the previous year4. Through these incidents, more than 40 million patient records were breached5. The numbers remained high in 2021, with a new record for incidents of data breaches and HIPAA reporting almost 45 million healthcare records being exposed or stolen6. Considering that between 60% and 80% of data breaches across all industries go unreported7, it’s reasonable to think that the stated numbers don’t tell the full story.
Why are healthcare organizations experiencing more attacks?
The pandemic and the rapid evolution of the healthcare industry have made it more vulnerable to attacks. Increases in remote work and digital communication with patients have created more opportunities for cybercriminals, and while health systems have been focusing on patient security, attackers have been targeting unknown weaknesses. External factors have also had an impact.
To help facilitate the delivery of telemedicine during the pandemic, the U.S. Department of Health and Human Services lifted several restrictions on the use of communication apps, such as Zoom, Skype, Google Hangouts, Apple FaceTime, and Facebook Messenger8. While the loosening of these restrictions did make it easier for patients to access virtual care, it also meant potentially inadequate data protections were in place.
Then, as the world attempted to minimize the spread of COVID-19, a variety of contact-tracing apps were built. They too, however, have come at a cost. Hackers are using the proliferation of contact-tracing apps to impersonate public health officials and subsequently install malware on individuals’ devices9.
What are the biggest cybersecurity threats in healthcare?
There are many potential weaknesses that can be exploited by cybercriminals. Although the biggest threats may differ by organization, here are five common vulnerabilities:
- Cloud Security: Data stored on the cloud can be accessed from any location. While helpful, this means those looking to access and exploit data no longer need to be onsite to carry out an attack.
- Internet of Things (IoT) Exploits: Modern devices, such as smartphones, medical sensors, fitness trackers, and smart security systems can be vulnerable to attack due to their lack of support for a security agent.
- People: A lack of employee education and preparedness makes it more likely that human error — such as falling victim to a scam or placing patient data on an unsecured network — results in a breach.
- Ransomware: Phishing attacks make it easier to determine an organization’s weakness, allowing cybercriminals to device an effective method of penetrating their system with malware.
- Unsecured Mobile Devices: The improved accessibility of patient information on personal mobile devices leads to a greater risk of threats stemming from compromised or unprotected devices.
How do we prevent cyberattacks?
In a 2020 industry forecast, Experian researchers warned that "healthcare organizations are evolving for the better, offering patients easier and faster ways to conduct business, but it will come at a price if entities don’t pay attention to cybersecurity”.
With close to 240 million hacking attempts taking place in 2020 alone7, the best way to act is to prepare as though you’re a constant target. In simple terms, make sure your cybersecurity measures are effective, up to date, and providing the protection your organization needs.
Currently, the healthcare industry invests less than 6% of its budget on cybersecurity7. Given the damage a cyberattack can have on your organization — reputationally and financially — and the regularity at which they are occurring, implementing powerful cybersecurity measures offers value for money, regardless of the cost.
We’ve previously written an article that provides advice on protecting your organization against cyberattacks, which goes into more detail about what you can do as an organization to improve your cybersecurity. CNECT also has contracts with a selection of cybersecurity specialists who can execute the systems and processes you need to keep private data and information secure and protect your organization against cybercriminals. If you’d like a professional to improve cybersecurity within your healthcare organization, contact the CNECT team today.