Hospitals and other healthcare facilities have experienced an unprecedented number of cyberattacks. . Ransomware attacks on healthcare organizations have increased by 94 percent year over year, according to a June report by Sophos. In 2021, 66 percent of healthcare organizations experienced a ransomware attack, up 34 percent from 2020.
It is hard to pinpoint the reason the attacks have increased. Human error is often the source of blame for security breaches because most healthcare workers use personal devices while on the job, but only 51 percent have them securely enabled, according to a report by Endpoint Ecosystem. Still, many healthcare workers say they have not been adequately trained to protect company data, according to the report. And 27 percent of employees reviewed security policies less than once a year, while only 39 percent received security awareness training less than once a year, according to the Insider Threats in Healthcare report by U.S. Department of Health and Human Services.
While many agree that cybersecurity is important, it can fall to the wayside when it comes to prioritizing treating patients. But cyberattacks will hurt patients as their private, personal information is leaked and potentially held for ransom.
Healthcare managers must regularly communicate with patients regarding how their data is being used, stored, shared and protected. Taking extra precautions to protect everyone within an organization ensures that no one’s health or safety is compromised, and having an open dialogue can boost trust within an organization and can improve its reputation.
“With more transparency now around cyber incidents, it’s important that security and incident response teams learn from attacks against other organizations so they can put themselves in the same position by running exercises and simulations,” says Kev Breen, director of cyber threat research at Immersive Labs. “This will help them ask themselves: How would we have responded? Could we have responded differently or better? These learnings should then be built into crisis response plans.”
Cybersecurity is constantly changing. What was secure in previous years can become vulnerable as technology advances and threats evolve. Fifty-nine percent of organizations say their cybersecurity protocols have changed over the last two years, according to the State of Cybersecurity and Third-Party Remote Access Risk report by Secure Link. More companies are shifting to access management models and modern security strategies such as:
- restriction of network access
- enhanced physical controls, such as restricted control areas
- access entitlement that is appropriate to the job function
- expanded use of automation and artificial intelligence tools for security operations
- increased accountability among employees
- enhanced identity and access management techniques.
Insurance companies now require stricter criteria for healthcare organizations to secure cyber coverage. Insurers are limiting coverage, increasing premiums and requiring healthcare organizations to show basic cyber hygiene practices in order to obtain a policy, according to SC Media.
Every second counts when a cyberattack happens. Without a proper cybersecurity plan or insurance in place, patients and residents can be at risk. It is up to managers to provide regular audits of their security programs to ensure that personal data is still secure. Remaining vigilant and up to date on best practices to protect organizations is the only way to stay ahead.
“From a technical standpoint, ensuring an effective software patching policy is in place is a great start for pre-emptive planning,” Breen says. “This helps close the doors before threat actors can launch attacks. Regular testing of incident response plans involving the whole organization is also something everyone should be doing. When practiced with cadence, this means organizations will have the right tools, processes, and mindset to react to cyber events. In addition, ensuring compliance with the latest regulations is also critical.”
Mackenna Moralez is the associate editor of Healthcare Facilities Today.