Cybersecurity-related issues have been the bane of the healthcare industry in recent years. These problems come in various forms and have continued to disrupt the effectiveness of the services of many healthcare facilities. The numerous cybersecurity problems include:
- Ransomware and other malware, which criminals use to shut down the servers, devices, and networks of healthcare organizations.
- Employee errors, which put healthcare facilities at risk of attack by cybercriminals. These errors can take the form of unencrypted data or devices, weak passwords, etc.
- Misleading websites with URLs similar to those of well-known websites. Such websites allow cybercriminals to lure and scam innocent victims. For instance, .com may be changed to .org to trick patients into trusting the fake site.
- Cloud attacks through which unauthorized individuals gain access to the protected health information of patients and organizations.
- Phishing attacks, which involve sending numerous emails to users from a seemingly trustworthy source to gain access to their sensitive information.
- Vulnerabilities of medical devices such as pacemakers to cyber-attacks when connected to the internet.
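The misleading-website item above describes a lookalike address that differs from the genuine one only in its ending. The following is an added example, not part of the original article, of how a facility could screen links against its own list of genuine domains; it goes slightly beyond the .com/.org case by also flagging one-character misspellings. The domain names and function names are hypothetical, and treating the last two labels of a hostname as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hypothetical domains the facility treats as genuine.
TRUSTED = {"examplehospital.com", "exampleclinic.org"}

def registrable(host):
    """Naive registered domain: the last two labels (assumption; a
    production check would consult the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike-tld', 'lookalike-name', 'unknown' or 'invalid'."""
    host = urlsplit(url).hostname
    if not host:
        return "invalid"
    domain = registrable(host)
    if domain in trusted:
        return "trusted"
    name = domain.rpartition(".")[0]
    names = {good.rpartition(".")[0] for good in trusted}
    if name in names:
        return "lookalike-tld"   # genuine name, different ending (.com -> .org)
    if any(edit_distance(name, good) <= 1 for good in names):
        return "lookalike-name"  # one character away from a genuine name
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email to patients.
    for link in ("https://www.examplehospital.com/appointments",
                 "https://examplehospital.org/login",
                 "http://examp1ehospital.com/reset",
                 "https://news.example.net/"):
        print(f"{classify_link(link):15} {link}")
```
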
When these cyber security issues occur, they tend to have adverse effects on the affected healthcare facility. Some may prevent the facility from offering care to the patients; others may allow sensitive data to get into the wrong hands. Therefore, healthcare organizations need to be fully aware of the growing dangers associated with cyber security in their sector.
Occurrence of cyber-attacks on the healthcare industry in recent years
Cybersecurity issues are on the rise. In the last few years, many healthcare organizations have had to deal with cyber-attacks in different ways. As noted by the HIPAA Journal, around 510 healthcare information breaches took place in 2019. This represented an increase of 196% in just a year.
Some of the most significant cyber-attacks on the healthcare sector include:
- Many servers at the UCSF School of Medicine were attacked by the NetWalker ransomware. The organization ended up paying a ransom of $1.14 million.
- A German hospital was attacked with ransomware in September 2020. This led to unauthorized access to a plethora of data.
- According to a report by the UK National Cyber Security Centre (NCSC), the development of the COVID-19 vaccine was a target of attacks by APT29.
- In September 2020, the 400 locations of the Universal Health Services (UHS) health system were attacked with ransomware.
- The group that was responsible for SunCrypt, Pysa, REvil, and NetWalker ransomware variants stole health data from 5 healthcare facilities. The data was purportedly offered for sale on the dark web.
Protecting healthcare organizations against cyber security issues
Given the number of cyber-attacks targeted at healthcare organizations, it is paramount for these organizations to protect themselves. Here are some of the measures to be considered:
- Establish a structure for cyber security
Each organization must have a well-established structure for mitigating cyber-attacks. Every member of the healthcare facility must be aware of this structure and how they can protect their data.
- Multi-factor authentication (MFA)
By enabling multi-factor authentication, health organizations reduce their vulnerability to cyber-attacks. According to Microsoft, implementing MFA can prevent more than 99.9% of automated account compromise attacks. Therefore, healthcare facilities shouldn't overlook MFA.
- Keep security patches up to date
In many cases, there are unpatched vulnerabilities in the IT systems of a health company. Unfortunately, cybercriminals usually take advantage of such vulnerabilities. Organizations can deal with this issue by updating their security patches from time to time.
Whether a facility produces cardio machines, diagnostic equipment, medical lasers, etc., this measure can protect it against cyber-attacks.
- Utilize only strong passwords that are changed regularly
According to a report by Verizon, stolen and weak passwords were responsible for over 60% of data breaches. So, protect your healthcare organization by using only strong passwords. Also, endeavor to change them regularly.
- Storage and restoration of backup
Every healthcare organization must have reliable backups – both offline and online. Also, there should be a structure for storing and restoring the backup so that the effect of cyber-attacks can be managed properly.
- Installation and regular updates of anti-virus software
Healthcare facilities should make sure that they have anti-virus software. In addition, the software must be updated regularly so that it can offer maximum protection.