The Biggest Cybersecurity Risks to Healthcare Data Right Now

April 10, 2019 - 7 minutes read

Between 2009 and 2017, 2181 healthcare breaches occurred. Each one compromised at least 500 records. Altogether, these security breaches exposed 176 million healthcare records—more than half the population of the United States.

In 2017, the world suffered the greatest ransomware attack in history. The WannaCry ransomware, which targeted Microsoft Windows computers by encrypting data and demanding a Bitcoin ransom payment, compromised more than 200,000 computers in 150 countries. In the UK alone, this cyber attack compromised more than 70,000 devices across multiple National Health Service hospitals.

It’s no secret that cybersecurity is a serious issue in the healthcare sector. But contrary to popular belief, it’s not just cyber threats and attackers that can cause catastrophic damage. Many other major issues are lurking in plain sight. And measures must be taken to address them now.

Mobile Devices

Due to the unprecedented capabilities that medical app development is unlocking, mobile device adoption is on the rise in the healthcare sector. Unfortunately, many mobile devices fail to meet the bare-minimum security standards, leaving them vulnerable to malware and security breaches.

And this vulnerability shows. In a survey of 600 mobility professionals in industries like finance and healthcare, it was discovered that 35% of healthcare organizations had suffered data loss or significant downtime due to mobile security breaches.

Anthony Giandomenico is a Senior Security Strategist at Fortinet, a cybersecurity software developer in the San Francisco Bay Area. He explains the problem in more detail: “Most of the users don’t know that their phones are as unsafe as their desktops and laptops, which, in turn, lowers their guard when determining if, for example, an email is legitimate or not.”

How Do You Protect Mobile Devices?

  • Healthcare providers must remind users to employ basic cyber hygiene when it comes to their mobile devices. Making sure your mobile apps are up-to-date, installing mobile malware protection, and only using trusted WiFi networks can all go a long way towards preventing a data breach.
  • Employ network access control to tighten up security. Doing so allows you to scan devices for out-of-date spyware protection and other threats.
  • Make it mandatory to use a secure platform when exchanging patient information.

Employee Mistakes and Breaches

In a 2018 cybersecurity report, Verizon examined 1368 healthcare data breaches and found that 28 percent of them came from the inside. Employees are undoubtedly one of the biggest cybersecurity threats to any organization.

To make matters worse, some incidents may not have been accidental. Accenture also conducted a healthcare data security survey and found that almost 1 in 5 healthcare employees would be willing to sell confidential data for a small amount of money.

Whether through carelessness or malicious intent, a data breach can have adverse effects on patients’ personal lives and the image of a healthcare organization. Compared to external threats, these are considered twice as harmful and costly.

How Do You Mitigate Insider Breaches?

  • Background checks are an absolute necessity to avoid insider threats.
  • Every employee that has access to critical data should be educated on best cybersecurity practices as well as the risks associated with breaches.
  • Implement solutions that allow you to quickly identify security threats before they balloon into bigger issues.
  • Audit any device utilized by staff members. Audits are a reliable way to look at each individual’s usage history.

The Supply Chain

As the healthcare sector turns more toward cloud-based technologies and service providers, the industry’s supply chain is no longer a stranger to cybersecurity threats. Whether it’s through third-party goods or services, hackers have more avenues than ever before to install malicious code, steal private data, and introduce counterfeit devices into the supply chain.

A lot of these vulnerabilities can potentially be traced back to the device manufacturers. After all, a medical facility usually has no idea whether the devices they employ actually meet quality and safety standards or are tampered with during the manufacturing process. Because the cybersecurity practices in place differ from one supplier to the next, it’s difficult to ensure that all devices are protected against the same vulnerabilities.

For instance, Hancock Health, a hospital in Greenfield, Indiana, was hit by the SamSam ransomware in January 2018. Using the credentials of a third-party vendor’s account, the hacker was able to access the facility’s data center and demanded four Bitcoin in order to relinquish access to 1400 files.

How Do You Mitigate Supply Chain Attacks?

  • Healthcare providers should make it protocol to only work with trusted partners who meet all healthcare industry regulatory compliance requirements.
  • All contracts prepared with suppliers should be fully enforced to fulfill every condition.
  • Employees should only have access to the specific data they need to perform their tasks.
  • Train and equip all employees with the tools necessary to minimize the effect of a data breach so they’re ready if one ever occurs.

Stay Safe Out There

We hope you’ve enjoyed this overview of some of the biggest cybersecurity risks plaguing healthcare right now. There are numerous threats to the sector at the moment, but these ones stand out as not only some of the most dangerous but also the most preventable.

It’s imperative that your organization stays ahead of these threats; they can cost millions of dollars if ignored. Building a robust security foundation is always better than dealing with the fallout from an actual data breach.
