While healthcare is subject to many of the threats that face any business or organization, some issues are particularly prominent in the sector and represent a chance to improve cybersecurity in healthcare.
Ransomware
Unfortunately, healthcare has become a prime target for ransomware scanners. Sophos reported the proportion of organizations hit by at least one attack rose from 34 percent in 2020 to 66 percent in 2022. That’s a bigger rise than any other sector.
You can understand the appeal to attackers. Healthcare is particularly reliant on data, especially regarding patients. The consequences of being unable to access data can be far more serious than simply losing money. That creates a significant motivation to pay a ransom to regain access. Rightly or wrongly, attackers may also believe healthcare groups have the funding to pay ransoms now and worry about the cost later.
To make things worse, healthcare is particularly vulnerable to what you might call “Ransomware 2.0”. A small but growing proportion of attacks are no longer simply about charging a ransom to restore access. Instead, they involve a threat to expose data, something that would have major privacy implications in healthcare.
Protecting against ransomware isn’t simply a case of increasing security and keeping systems updated. Healthcare organizations can’t afford to wait it out after ransomware scammers lock up data. Instead, preparing for a successful attack is as important as trying to prevent it. That means developing backup systems that let you rapidly restore data and get back to work. This requires planning and testing both the systems and the logistics of using them.
Internet Of Things
Internet-connected devices have the power to revolutionize healthcare but they also prevent a new point of attack. At best, inadequate security could expose confidential monitoring data and cause HIPAA problems. At worst, an attack could take devices offline, severely impacting healthcare itself.
The sheer scale of healthcare organizations means that simply relying on keeping devices updated with security fixes is not enough. Instead, IT managers need to have a clear and comprehensive understanding of what devices are on a system and how they are connected. The age-old battle between security and convenience still plays out. A zero-trust approach that blocks all access by default is often the only acceptable approach to risk tolerance.
If you opt for outside help to secure IoT healthcare devices, remember that technical knowledge is not enough. You also need to use a consultant with practical experience in how devices work and interconnect in a real healthcare environment.