Cybersecurity Evolve as Attacks on Healthcare Sector Grow

Cyber attacks on healthcare organizations have increased 94 percent year-over-year.

By Mackenna Moralez
September 23, 2022

Hospitals and other healthcare facilities have experienced an unprecedented number of cyberattacks. . Ransomware attacks on healthcare organizations have increased by 94 percent year over year, according to a June report by Sophos. In 2021, 66 percent of healthcare organizations experienced a ransomware attack, up 34 percent from 2020.  

It is hard to pinpoint the reason the attacks have increased. Human error is often the source of blame for security breaches because most healthcare workers use personal devices while on the job, but only 51 percent have them securely enabled, according to a report by Endpoint Ecosystem. Still, many healthcare workers say they have not been adequately trained to protect company data, according to the report.  And 27 percent of employees reviewed security policies less than once a year, while only 39 percent received security awareness training less than once a year, according to the Insider Threats in Healthcare report by U.S. Department of Health and Human Services. 

While many agree that cybersecurity is important, it can fall to the wayside when it comes to prioritizing treating patients. But cyberattacks will hurt patients as their private, personal information is leaked and potentially held for ransom.  

Healthcare managers must regularly communicate with patients regarding how their data is being used, stored, shared and protected. Taking extra precautions to protect everyone within an organization ensures that no one’s health or safety is compromised, and having an open dialogue can boost trust within an organization and can improve its reputation.  

“With more transparency now around cyber incidents, it’s important that security and incident response teams learn from attacks against other organizations so they can put themselves in the same position by running exercises and simulations,” says Kev Breen, director of cyber threat research at Immersive Labs. “This will help them ask themselves: How would we have responded? Could we have responded differently or better? These learnings should then be built into crisis response plans.” 

Cybersecurity is constantly changing. What was secure in previous years can become vulnerable as technology advances and threats evolve. Fifty-nine percent of organizations say their cybersecurity protocols have changed over the last two years, according to the State of Cybersecurity and Third-Party Remote Access Risk report by Secure Link. More companies are shifting to access management models and modern security strategies such as: 

  • restriction of network access 
  • enhanced physical controls, such as restricted control areas 
  • access entitlement that is appropriate to the job function 
  • expanded use of automation and artificial intelligence tools for security operations 
  • increased accountability among employees 
  • enhanced identity and access management techniques. 

Insurance companies now require stricter criteria for healthcare organizations to secure cyber coverage. Insurers are limiting coverage, increasing premiums and requiring healthcare organizations to show basic cyber hygiene practices in order to obtain a policy, according to SC Media.  

Every second counts when a cyberattack happens. Without a proper cybersecurity plan or insurance in place, patients and residents can be at risk. It is up to managers to provide regular audits of their security programs to ensure that personal data is still secure. Remaining vigilant and up to date on best practices to protect organizations is the only way to stay ahead.  

“From a technical standpoint, ensuring an effective software patching policy is in place is a great start for pre-emptive planning,” Breen says. “This helps close the doors before threat actors can launch attacks. Regular testing of incident response plans involving the whole organization is also something everyone should be doing. When practiced with cadence, this means organizations will have the right tools, processes, and mindset to react to cyber events.  In addition, ensuring compliance with the latest regulations is also critical.” 

Mackenna Moralez is the associate editor of Healthcare Facilities Today. 

See the latest posts on our homepage Share

Topic Area: Information Technology , Security

Recent Posts
Recent Posts

High-Touch Surfaces in Long-Term Care Facilities Often Contaminated

Findings could help long-term care facilities assess cleanliness of high-touch surfaces and enhance infection prevention and control measures


New Resource Helps Prevent Violence in Healthcare Facilities

The Workplace Violence Prevention Handbook for Health Care Professionals aims to help healthcare facilities make immediate enhancements relating to workplace violence.


Mental Health Impacted by Workplace Culture

Negative workplace environments can lead to less productivity.


CMS Offers Resources for Florida Hospitals Affected by Hurricane

Resources and waivers aim to ensure hospitals and other facilities can continue to operate and provide access to care to those impacted by the hurricane.


Jackson West Medical Center Uses Design to Focus on Patient Wellness

The design incorporates nature to better promote healing



News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You Might Like