Servers and storage are a primary focus for one hospital’s support upgrades.
As digital threats to the healthcare industry evolve, and news of attacks grows more frequent, it’s easy to see why some consider cybersecurity to be a losing battle.
Take ransomware, which moved from the 22nd most common malware attack in 2014 to the fifth most common in 2017, according to the 2017 Verizon Data Breach Investigations Report. In 2016, Locky ransomware attacks, which are delivered by email and contain a Microsoft Word document resembling an invoice with malicious macros, targeted multiple healthcare organizations. At least one, Los Angeles-based Hollywood Presbyterian Medical Center, paid 40 bitcoins — nearly $17,000 — to regain access to its network.
And already in 2017, WannaCry and Petya, which both target Windows operating systems by encrypting files and demanding bitcoin payment, hit providers hard, with the latter forcing a West Virginia organization to replace much of its computer network.
But ransomware represents just one of many hurdles. Phishing attacks that compromise private information — from employees as well as patients — can be just as damaging to an organization.
The current landscape, no doubt, is fraught with peril. But just because hackers continue to adapt their strategies, there’s no reason why healthcare information security teams can’t do the same.
A robust and diversified approach to cyberdefense can mean the difference between stopping an attack early and paying a hefty fine to the Department of Health and Human Services Office for Civil Rights. That’s why it’s critical that cybersecurity not be one dimensional. Factors organizations should consider while developing a multilayered defense include:
While some experts estimate that data breaches in healthcare cost the industry $6.2 billion annually, determining how such events impact reputation can be difficult to quantify. Even when an organization’s networks are down for a seemingly short amount of time, such a disruption can have a major impact on patient care.
To keep pace with ever-evolving threats, providers must remain vigilant and holistic about their approach to cybersecurity.