A 2018 national audit of healthcare preparedness observed that only 45 percent of businesses followed the NIST Cybersecurity Framework, a policy framework for cybersecurity guidance for private sector organizations in the United States.
No wonder then that the healthcare sector sees a tremendous penetration of cyberattacks year-after-year. A recent example of this is the theft of personal information of 14,591 patients that received medical care through Los Angeles County’s hospitals and clinics. Moreso, experts are now saying that the monetary losses to the global healthcare industry are mounting into billions, courtesy cyberattacks.
When it comes to the operational end of healthcare, the consequences of a cyber attack can be catastrophic. A cyber attack on a healthcare system can be dangerous and life-threatening – imagine critical care patients being locked out of the system. Also, considering the fact that industries in this sector store potentially vital personal information, it is even more worrisome that this sector is not investing a lot in cybersecurity.
The industry needs to act swiftly.
For stakeholders, here are some of the top cybersecurity issues facing this sector –
1. Ransomware
Reiterating, healthcare data is a thriving breeding ground for hackers all over the world. Healthcare data primarily consists of hyper-confidential patient care details, insurance information and financial data. This information can be kidnapped and sold to an array of buyers – pharmaceutical behemoths, insurance bigwigs and banking juggernauts are just some of them.
Hence, ransomware is the preferred tactic for cyberattackers to sabotage the healthcare industry at large. Typically how this works is that hackers gain access to systems and encrypt data locking original users out. These users are then threatened that the encrypted information will be deleted or leaked unless they pay a ransom (mostly in the form of a cryptocurrency like Bitcoin). Hackers are specific to state that the data will only be freed post-payment.
2. Insider Threats
Insider threats are certainly not a new risk anymore but their threat potential is increasing as we speak. Data is now routinely being stored in the cloud which means employees of an organization have a lot of access to sensitive data within the organization. This is compounded by the fact that humans can often be the weakest link in any cybersecurity framework.
3. Advanced Persistent Threats (APT)
Advanced persistent threats refer to malicious campaigns where attackers breach a network and then stay there, quietly gathering intelligence about the target. They can sometimes go undetected for months or even years. The main aim of APTs is to steal sensitive confidential data. They enter an organizational network, expand their presence slowly and gather data before finally exiting. Data from the healthcare industry is exceedingly valuable – and hence cybercriminals know it’s worth it to think long-term in terms of securing this data.
4. Mobile devices
According to statistics, 68% of healthcare security breaches were due to stolen/mobile devices. Healthcare providers are routinely using mobile devices for services such as submitting patient data, submitting bills, scheduling appointments, etc., increasing the amount of patient data being disseminated. Lost or stolen mobile data were one of the leading causes of healthcare data breaches.
5. Spear phishing
A variation of phishing, spear phishing is a big threat to healthcare industries – just like APTs, it gives attackers access to valuable data. Hackers send a targeted email to an individual which appears to be from a trusted source. The agenda of these emails, like any other cyber fraud is to either gain access to the user’s system or obtain other classified information. Spear phishing is considered to be one of the most successful cyber-attack techniques because of the superior level of personalization done to attack users which makes it highly believable.
Stay protected against all these threats by employing Seqrite’s range of solutions which are defined by innovation and simplicity. Through a combination of intelligence, analysis of applications and state-of-the-art technology, Seqrite provides the best defence against myriad cybersecurity threats.
