It’s past time that healthcare providers and hospitals practice better cybersecurity hygiene


There’s more concern than ever before about the risk of cyber crime. Some of the biggest companies in the world have suffered data breaches, and it’s not a trend that shows any signs of stopping anytime soon. Any company that wants to protect its data and that of its users needs to stay vigilant with its cybersecurity and not become complacent. But the amount of damage that can be caused to an institution can vary wildly depending on the sector, and the healthcare industry is especially vulnerable. It’s the second largest industry in the world, and breaches of healthcare cybersecurity have the potential to cause human casualties as well as the loss of time, money, and operational capacity.

Firms like Payneless IT, who specialise in facilitating secure and comprehensive cybersecurity strategies, warn that healthcare technology is not appropriately protected. On average, investment in healthcare cybersecurity is half that made in protective measures in other industries. And that’s especially concerning because healthcare information is an especially tantalising target to criminals. Stolen patient records fetch an abnormally high price on the black market, and that would suggest that healthcare information security deserves more attention than other sectors rather than less.

These concerns come backed by cold hard statistics. A recent study by security firm FortiGuard Labs identified an average of 32,000 attacks against healthcare information security per organization in 2017. That’s well over double the number for other fields.

And while the tools that hackers use to get access to healthcare technology are growing more sophisticated, the most commonly used methodologies remain the same as they have been for years. Phishing continues to be the primary means by which hackers gain control of healthcare infrastructure. By hiding malware in seemingly innocuous links or email attachments, hackers can lure healthcare workers into exposing their institution’s entire infrastructure, and once malware enters a system, it can be hard to identify and even harder to negate.

Such was the case with the attack on MedStar Health. The massive healthcare system based out of Maryland was the victim of a ransomware attack in 2016, and it both drew national headlines and put the lives of patients at risk. MedStar had to shut down their email and record databases as a result of the attack, and they had to forestall medical treatment for cancer patients for multiple days.

What’s especially alarming and frustrating about these situations is how preventable they seem to be. The vulnerability that allowed hackers access to MedStar Health’s systems was well known, and mandatory cybersecurity training for staff could greatly minimise the risk of workers falling for the scams that most commonly leave networks open to attacks. The tragedy is that the larger an organisation is, the more devastating a cyber assault can be. One simple mistake or lapse in security protocol can allow malware access to a system, and once a system is infected, the consequences of that simple mistake can quickly overwhelm the entire systems of companies operating on a regional, national, or even global level.

It’s a dangerous enough situation now, but it’s only going to become worse if healthcare providers don’t take the proper steps to secure their systems. New regulations and requirements may result in greater penalties for complacency. The medical records on file through healthcare systems are tantalising enough targets, but the rising integration of the Internet of Medical Things (IoMT) further expands the amount of devastation a hacker can cause. The IoMT refers to the increasingly complex network of internet-connected devices that can include everything from MRI and X-ray machines to electric wheelchairs. A more connected hospital is potentially a more functional one, but it also creates further jeopardy for institutions that aren’t properly bolstered against attack. Hacked devices could cripple a hospital’s ability to operate, but there’s also an increasing risk of hackers targeting patients directly. The threats of remotely controlling a pacemaker or stripping patient information from WiFi-enabled medical bracelets are very real, and these sorts of devices are only likely to grow in popularity in the coming years.

Healthcare is at risk, but the solutions aren’t simple. Only a holistic approach to security that looks at the issue from all possible angles will really address it. Each new technological integration brings with it new vulnerabilities and challenges, but the rise of homomorphic encryption could help protect the most valuable patient information from criminals. If healthcare systems want to remain modern, they’ll have to invest in greater security levels, and that must cover everything from properly training every member of their staff to implementing IT protocols to make sure their systems are perpetually prepared for new and emerging threats. Healthcare technology could bring about a bold new future for the industry, but that revolution will never happen if it’s not partnered with a scrutinising approach to cybersecurity.

Read more about cyber security at our blog here.

If you’d like to speak to a specialist regarding your organisation’s cybersecurity profile and regulations, please contact us at 1300 940 083 or via the online form here.