Being Cybersecurity-Aware for Healthcare's Vulnerabilities

Awareness of cybersecurity vulnerabilities in healthcare is critical for defending against breaches.

By Jeff Wardon, Jr., Assistant Editor

Cyberattacks and data breaches alike continue to affect healthcare facilities. Daily, new vulnerabilities and exploits are found within healthcare systems. All this is in an effort to access sensitive and valuable data, then extract it and potentially sell it off. Cybersecurity is the line of defense guarding against these unauthorized parties obtaining the data they want.  

Given this, the U.S. government named the month of October “Cybersecurity Awareness Month” to emphasize the importance of cybersecurity programs and initiatives. With healthcare undergoing changes in its information technology infrastructures, being cybersecurity-aware is critical to this process. 

This is due to healthcare facilities becoming more integrated with interconnected information technologies, such as Internet of Things (IoT) devices and building automation systems (BAS). These devices, if not protected, can provide an open door for cyber-attackers. And, if these devices are breached, then patient data becomes exposed and ripe for the taking. 

“All of the devices these days are increasingly connected and reading data into some database elsewhere,” says Nilesh Chandra, U.S. healthcare analytics lead at PA Consulting. “The number of systems involved adds to the complexity because the data is flowing all over the place into lots of different systems and you need to secure all of them.” 

Another vulnerability Chandra mentions is larger machines that do things such as imaging because they can be running on closed-off computers that may not be up to date with the latest security patches. Chandra adds that these computers run on a completely different internal network that is not connected to the public internet whatsoever. If one of these is plugged into an external-facing network, a large vulnerability is introduced to the entire healthcare facility’s network.  

With vulnerabilities such as these introduced to a network, unauthorized parties can find potential avenues for access, thus leading to a breach. When a breach or related cyberattack happens, it can even cause a healthcare facility to shut down completely.  

“If that happens, all the patient related information is stored on these systems that are down,” says Chandra. “Doctors and nurses are suddenly left in a position of making life and death decisions without access to the right information. The potential for all kinds of harm happening to patients just goes up very, very significantly. That is the real impact of these cybersecurity breaches.” 

However, shutting down is not the only concern that healthcare facilities face with data breaches. Unlike many other industries, healthcare facilities must answer to the overarching regulatory framework of the Health Insurance Portability and Accountability Act (HIPAA), according to Chandra. If patient data is compromised, healthcare organizations may be held liable and face legal challenges. 

To defend against these breaches and their ramifications, Chandra recommends having a multi-layered security architecture that partitions information. This is so that if at any point a security compromise were to crop up, the threat could be minimized quickly. Chandra also stresses that early detection of these breaches or attacks is paramount to containing them. That way, the affected part of the infrastructure is sectioned off while the rest of a facility’s operations can resume. 

Jeff Wardon, Jr. is the assistant editor for the facilities market. 

October 19, 2023

Topic Area: Information Technology , Safety , Security

Recent Posts

Texas to Offer Grant to Aid Operations for Rural Operations

Over 80 hospitals in Texas currently face closure.

Allina Health Opens Lakeville Specialty Center

The 100,000-square-foot center includes more than 10 specialty services.

How Can BAS Help HVAC Systems Be More Efficient?

HVAC manufacturers discuss the efficiencies of pairing HVAC systems with BAS.

Lessons to Learn from the Ascension Ransomware Attack

Securing backup data, having the correct resources and sharing information are crucial to addressing ransomware attacks.

DIG Completes Two New Hackensack Meridian Hospital Projects

Their Jersey Shore and JFK Medical projects focused on enhancing the patient and staff experience.


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.