If there is a time to discuss cybersecurity
and risks in the healthcare sector, it is now.
Averaging about
172 targeted ransomware attacks worth more than $157 million in
the last 4-5 years alone is surely cause for concern. The concern is aggravated
when you learn that ransomware is just a small cog in the grand scheme of
different attacks that this industry faces.
A top challenge here is the range of entry points
for threats. User data is stolen not only from the organization's
database itself, but also through employee and patient breaches.
Thus, an understanding of where the
attacks are coming from – and what to do against them – is crucial.
Ransomware
We already touched on this in the introduction.
The cankerworm that is ransomware is a
multi-billion-dollar industry globally. Much of that illicit sum
comes from the healthcare sector alone.
Common advice is to refuse the
attacker's demand for payment in these cases. However, these threat actors
know that they have caught the clinics and hospitals they attack between
a rock and a hard place.
Healthcare facilities need unfettered
access to the patient records on hand to function well. Disruption to that puts
many lives at stake. So, they are most likely to pay.
Besides beefing up security initially,
most of these healthcare facilities would have done better with a backup on hand.
Should such an attack ever occur, they
simply have to wipe down their systems, restore from backup and get back to
business as usual.
Software attacks
The global healthcare industry demands
top-of-the-line software.
With a growing number of companies wanting
a slice of that cake, there is a barrage of software solutions around today.
That, in a way, makes it easier for
threat actors to steal data from all levels of this industry.
From connected
wearables for seniors to patient tracking software, a single
vulnerability could spell doom for the data on hand.
These attacks are not going away,
because no software is perfect.
However, that is no cause to resign to
fate. Going with established software/hardware manufacturers increases the
chances of never falling victim to these classic attacks.
In the same vein, it is important to
update this software and firmware as soon as a new version becomes available.
Otherwise, you stand the risk of getting exposed to exploits when they do
happen.
Insider Threats
Verizon maintained in a report that about
46% of healthcare organizations had a threat actor working within their ranks.
This is one of the biggest holes to
plug. Since the threat actor knows all the security protocols in place, they
could simply breach them – or give someone else the access needed to steal the
data.
The report maintains that some of these
insiders might be bribed, coerced, or otherwise manipulated into giving
up sensitive details.
Likewise, the insider might be
acting entirely on their own motivation.
There have been cases of hospital
employees who have used their access to steal patient data, mine credit card
info, and run elaborate scams for a long time.
If that can happen, anything can happen.
A thorough background check of anyone
coming into the healthcare ranks is the first place to look here. Furthermore,
restrict access to sensitive data to only those who need it. That way, a threat
can be curbed faster since you know where it could have originated from.
Employee Negligence
Sometimes, negligence is not
active but passive.
For example, consider a healthcare
employee who:
● Connects random external devices to their work computer (maybe to transfer files)
● Leaves their computer unattended in a public place (such as a coffee shop)
● Leaves their laptop lying around without so much as a password to protect it
● Has a work computer whose password everyone knows
● Now works from home, because of the pandemic, and doesn’t invest in serious network security
The possibilities are endless.
In each of these cases, the employee is
not intentionally putting the data they have at hand at risk.
They might know how confidential they have
to be with such data but not how important the data is, overall.
That is why healthcare facilities need to
invest a lot in training their staff on cybersecurity measures.
The good news is that consumer security
options allow these employees to stay safe in the comfort of their own homes.
From a
simple VPN download to encrypt network traffic and the files sent through
it, to an antimalware installation to keep malicious code out, consumer
security is getting easier and more accessible.
Budgeting Crises
We cannot talk about everything else only
to forget the role of budgets in the big game.
Healthcare facilities tend to focus most
of their allocations on expanding the business. That could mean anything from
funding more ground-breaking research to adding more top talent, bringing in
more pieces of equipment, and so on.
However, they tend to forget the role of
cybersecurity in holding together the very fragile fabric of what they do.
For cybersecurity issues in the healthcare
industry to dwindle at all, top management needs to take a more proactive
approach. Cybersecurity experts should be given an audience – and the
decision-makers should be ready to listen.
They would be surprised to learn how
exposed they are, and how easily their flaws can be patched up before they
become a serious issue on their hands.
Flip the Switch Today
Healthcare data contains a lot of
sensitive information.
It is not only names and addresses, which
are sensitive on their own. It is specific diseases that could be targeted by
scammers, health profiles that could be targeted by organ thieves, and credit
card details on a platter of gold for financial criminals.
Tightening up the loose ends costs less
than what the industry would have to pay to rectify a breach, anyway. If there
is a better time to start, it would be now.