According to the national adviser for cybersecurity for the American Hospital Association, John Riggi, the cyberattacks have gone on to cause greater harm as well as impact many people. It is well to be noted that almost 100 million people happened to get impacted by healthcare hacks.
Given that there are many hospitals and also healthcare facilities that may as well be hesitant, particularly in case they have paid the ransom, this number may as well be higher.
One of the ransomware attacks on Ann & Robert H. Lurie Children’s Hospital, based in Chicago, compelled them to shut down their email, phone, as well as medical record system. Over 2000 patients happen to be treated at this hospital that discovered the breach in the systems on January 31, 2024.
As per the hospital, a known threat actor went on to breach their systems; however, it has not been disclosed as yet if the ransomware was used or even the extent of the data breach.
In December 2023, the ALPHV/BlackCat ransomware group went on to attack Optum, which is a UnitedHealth Group- UHG affiliate. The disruption went on to affect pharmacy transactions across the country and also the Change Healthcare platform by way of stealing 6 TB of its sensitive data, that included:
- Personal identifiable info that belonged to the US Military and Navy Personnel
- Medical Records
- Claims Information
- Dental Records
- Patients Personal Identifiable Information like address, phone numbers, social security numbers, emails, etc.
- More than 3000 source code files and also insurance records
Why is healthcare a sweet target?
It isn’t just out of the blue that hackers target healthcare. The digital environment when it comes to health administration, clinics, patients, and hospitals has grown quite susceptible since medical treatments go on to become networked and more connected by way of computers as well as gadgets.
COVID-19, as well as the staff working remotely, has also increased the intensity as well as scale of cyberattacks that happen to target the healthcare industry. There are more cyberattacks taking place as AI continues to spread its wings and has increasingly gone on to become used very heavily in the healthcare sector.
The fact is that there are many elements of the cybersecurity healthcare spectrum that need to be safeguarded, like patient privacy protection, device security, medical facilities, etc. All these components happen to be linked by way of networks as well as software programs that help in data exchange.
As a matter of fact, cybersecurity in healthcare is facing issues because of the rising dependence on medical devices. There are over 50% of the internet-connected devices that are used in hospitals that are susceptible enough to put the safety of patients and data confidentiality at risk.
Equipment such as respirators, electrocardiograms, monitors, pumps, lasers, medical applications, as well as diagnostic imaging systems, happen to be examples of medical equipment.
Equipment such as IVs as well as medical infusion pumps happen to be wireless and go on to make use of open airways so as to transmit the data as well as update their software. All this happens to create opportunities for remote exploits. Because of all these dangers, the FDA recently took the step of appointing Kevin Fu as the very first acting director of Medical Device Cybersecurity at Center for Devices and Radiological Health.
While there are numerous healthcare facilities moving towards clouds and are also experiencing digital transformation, they are not prepared as yet in terms of cyber dangers.
There are hackers who also like to attack healthcare records, apart from networks and devices. The fact is that healthcare stakeholders go on to place the highest premium on safeguarding patient privacy. Legislators as well as federal agencies go on to periodically evaluate HIPAA compliance and other procedures related to regulatory security.
Ransomware – The Preferred Attack Tool
There is no doubt whatsoever that the criminal hackers happen to view healthcare facilities as very approachable targets from which they can reap rich financial dividends. The hackers may go on to steal medical records and even have a resale value on the dark web. Ransomware extortion has been made a preferred technique of choice by the attackers. The rationale is simple: the hospitals may use the ransom payments so as to regain access to their operational control and hence lower the endangering of patient safety. Moreover, it has been found that hospitals, so as to protect their reputation, prefer keeping their cybersecurity issues private.
Cybersecurity In Terms Of Risk Management And Healthcare
Just like most of the cybersecurity elements, risk management that includes making use of both, business as well as government leadership, apart from tech, happens to hold the key to protecting hospitals as well as healthcare institutions. The Department of Homeland Security has gone on to designate healthcare as a vital infrastructure, which itself means that industry benchmarks as well as protections should be in place so as to defend the same.
It is well to be noted that the healthcare companies go ahead and begin the process in terms of protecting the data by putting intrusion detection as well as response capacity in place, performing regular security evaluations as well as penetration testing, etc.
All these procedures can be used to track any possible insider threats and, at the same time, reduce the effect of bot attacks as well as IT configurations that are not correct.
The fact is that hospitals as well as other healthcare facilities must follow the advice given by NIST and also other risk management advisory bodies and go on to practice cyber hygiene, that’s good that includes multilevel authentication as well as staff training. They must also make use of multiple firewalls, multilayer security, as well as monitoring in real time of the networked systems. It is also advised that the medical gadgets are encrypted so as to lower the security hazards.
Healthcare happens to be a very vital resource for people as well as the global economy, and it plays a very major role in general health and final demise. There should be investments made in it so as to fortify cybersecurity against potential cyberattacks.
