Hospitals and Healthcare Face Increasing Cybersecurity Risks

The COVID-19 pandemic disrupted life as everyone knew it, but the healthcare industry faced unique challenges. As the industry worked under extreme duress and struggled to keep up with massive workloads, staff shortages, and supply chain issues, hackers exploited these circumstances, knowing providers couldn’t function without their IT systems.

Unfortunately, threat actors continue to target healthcare, and it’s a problem that no provider can afford to ignore. Let’s look at the challenges hospitals and other health providers face.

A Look at the Statistics

Cybersecurity was a huge problem for the healthcare industry before the pandemic, but cybercriminals leaped at the opportunity in 2020. In the first half of the year, the industry suffered roughly a 50% increase in cybersecurity breaches. It didn’t get better from there, with 22 million Americans becoming breach victims that year.

Fast-forward to 2021: over 40 million patient records were compromised, and those are just the incidents that were reported to U.S. authorities that year. It’s not inconceivable that numerous additional breaches have yet to be discovered.

Ransomware Plagues the Healthcare Industry

To make matters worse, the number of ransomware incidents in the healthcare industry is skyrocketing. Even before the pandemic, there was an unimaginable 350% increase in ransomware attacks in Q4 2019 compared with Q4 2018. Once the pandemic hit, cybercriminals ran with schemes to exploit the industry even more.

During the pandemic, threat actors knew hospitals and providers were overwhelmed and relying heavily on their systems to manage patient care effectively. Knowing they’d have a high chance of being paid any ransoms they demanded, they attacked. Cybercriminals correctly gauged that, with healthcare systems locked, providers couldn’t use critical processes or access the systems they needed to provide patients with the necessary support. One of the most publicized events was when six hospitals across the U.S. were hit by ransomware in a single 24-hour period in October 2020.

Why Are Hospitals and Healthcare Providers so Vulnerable?

Hospitals and other providers are a treasure trove of patient and employee data that cybercriminals can exploit for personal gain. This alone makes them vulnerable, but there are a few other factors that contribute.

  • Facilities often don’t plan budgets with cybersecurity as a priority.
  • Providers fail to install appropriate technology and perform regular upgrades.
  • Employees fall for phishing scams or other social engineering schemes.
  • The growth of remote patient care opens up additional opportunities for hackers to exploit.

These are just a handful of the factors that make the healthcare industry as a whole so susceptible to cybersecurity breaches. It seems the industry is only now realizing that cybersecurity isn’t just a “computer thing,” but directly correlates to its ability to serve patients and maintain operations.

How the Industry Can Safeguard Itself

Cybercriminals’ heavy targeting of hospitals and healthcare providers during the pandemic was a sharp wake-up call that highlighted the vulnerability of healthcare infrastructure and how detrimental attacks are when facilities can’t operate in times of crisis. Solutions include:

  • Providing employee training and raising more awareness about cybersecurity issues.
  • Allocating more budget money towards cybersecurity mitigation efforts.
  • Upgrading legacy systems with modernized applications that can be better safeguarded.
  • Using multi-factor authentication for anyone accessing systems and limiting access on an as-needed basis.
  • Closing network entry points for attackers — many people don’t think of medical equipment as standalone computers, but with IoT, that’s essentially what they’ve become.
  • Partnering with expert providers who can identify vulnerabilities, perform pen testing, and provide recommendations to bolster cybersecurity.

Cybercriminals are not going to stop. If anything, they’ll continue to launch savvier and more complex schemes. Unfortunately, the financial incentive associated with selling patients’ PII on the black market is too much of an enticement.

As an article published by the Brookings Institute points out, handwashing is a “foundational element” of modern medicine. These days, cyber hygiene should be considered just as basic. Preventative, proactive steps by healthcare facilities are key to avoiding being victimized by threat actors.