A study by the Ponemon Institute shed light on the numerous cyber-attacks in the healthcare sector that have increased the risk to patients and gravely impacted care delivery.
As healthcare technology has been upgraded, the safety of patient data has become directly linked to cybersecurity because of the sector's dependence on online devices. Cybercriminals are exploiting loopholes in security systems to launch attacks that make hospital servers inaccessible, which delays access to patient data and the delivery of timely care, resulting in deaths.
For the study, the institute surveyed 641 IT and IT security practitioners working in the healthcare sector to unveil the staggering number of attacks the industry suffered. 70% of respondents stated that patient care was delayed due to online attacks, which also affected patient treatment and increased illness among 54% of the patients. The attacks have also led to the following consequences:
- Increased hospital stays.
- Increased mortality rate due to delayed response, according to 23% of respondents.
- Increased number of patients transferred due to cyber-attacks.
- Health complications due to the delay in service.
According to the data, 89% of organizations faced cyber-attacks in one year, and the most expensive cyber-attack cost the sector an average of $4.4 million.
Types of cyber threats and their impact on the healthcare sector
The study examined four main types of cyber-attack: cloud compromise, ransomware, supply chain attacks and business email compromise (BEC)/spoofing. The following was inferred:
- 75% of organizations feel insecure about cloud compromise.
- 72% of organizations are vulnerable to ransomware attacks. 41% of respondents experienced an average of three attacks in two years.
- 71% feel their organizations are vulnerable to a supply chain attack.
- 64% of the respondents fear being vulnerable to BEC attacks.
The study also highlights the lack of confidence among IT security practitioners in healthcare organizations and the need to upgrade and update as technology evolves.
Upgrades the healthcare organizations need
Even with encryption, tokenization and other cryptographic tools, premium cloud security services, private data network connectivity and other mechanisms in use, the technology needs to keep being upgraded to create a wall against evolving cyber-attacks. Medical devices can be easily breached because most healthcare sector systems still don’t have upgraded security measures. Moreover, the staff is focused on healthcare, and adding technical knowledge would require a significant shift in day-to-day workload.
Healthcare servers store data of thousands of patients and staff alike, including their contact, financial and health details. Hackers have used this extensive database as a monetization opportunity, since a single breach gives them instant access to the information. Hence, there is an urgent need for the healthcare sector to invest in building cybersecurity infrastructure.
Several smaller healthcare organizations are at increased risk due to low security skills among the staff, budget and the technology being used. Outdated technology gives attackers easier access and needs urgent upgrading and constant updating.
- Securing medical devices and mobile apps is important, as they are among the biggest causes of concern in healthcare. Often, it is medical devices such as pacemakers and infusion pumps that are exposed because of vulnerabilities.
- Having in-house experts and staff and collaborating with other cybersecurity agencies to deal with threats.
- Improved training and awareness programs to increase cybersecurity skills among staff. Employee negligence is among the top six cybersecurity concerns, amounting to nearly 58% of threats.
Preventing cyber-attacks with the help of authorities
With organizations relying on over 26,000 network-connected devices, it has become imperative to re-evaluate the systems and implement the proper security mechanisms. It is necessary to stay in constant touch with the nation’s legal authorities to be kept updated about future cyber-attacks based on current trends.
The Federal Bureau of Investigation registered several success stories of preventing and controlling cyberattacks on hospitals, such as the Nebraska hospital attack. The FBI isolated the attacked server and completely stopped the malware from causing data theft or other damage. The timely prevention of the attack highlights the importance of contacting law enforcement agencies as soon as suspicious activities are detected.
The healthcare sector is responsible for securing protected health information (PHI), which includes patient information. Under the Health Insurance Portability and Accountability Act (HIPAA), organizations must prevent exposing sensitive PHI without the patient’s consent. With such a federal regulation in place, it is paramount for all healthcare entities to amp up their cybersecurity.