Cyberattacks are becoming more common within the healthcare industry despite numerous warnings from top government agencies. Cyberattacks against healthcare facilities have increased 18 percent since 2022, compromising the patient records of 59.7 million individuals, according to a report by Protenus Breach Barometer.
The report found that insider incidents accounted for more than 1 in 10 breaches, 12 percent overall. Human error, largely the result of inadequate training, is behind most cyberattacks. Most healthcare workers use personal devices while on the job, and only 51 percent have security enabled on them, according to a report by Endpoint Ecosystem last year. Meanwhile, 27 percent of employees have reviewed security policies less than once a year, and 39 percent received security awareness training less than once a year.
Hospitals and other healthcare facilities are frequent targets of cyberattacks because they operate a high number of electronic devices, their systems are outdated, and healthcare staff are too busy to stay current on proper cybersecurity training. The more vulnerable a healthcare system is, the more likely patients are to lose trust in its operations.
Insider events tend to be the gateway for many ransomware attacks, according to the Protenus Breach Barometer report. Employees can easily be tricked into clicking on malicious links in emails, allowing hackers to seize millions of patients' records in an instant. Many employees agree that cybersecurity is important, but it often falls by the wayside in favor of treating patients. Cyberattacks only hurt patients, as their private, personal information is leaked and potentially held for ransom.
Information that was secure six months ago can change in an instant. More companies are shifting to access management models and modern security strategies, such as:
- restriction of network access
- enhanced physical controls, such as restricted control areas
- access entitlement that is appropriate to the job function
- expanded use of automation and artificial intelligence tools for security operations
- increased accountability among employees
- enhanced identity and access management techniques
As hackers advance their tools and tactics, healthcare officials must stay on top of risk assessments and provide effective, ongoing employee training. Delivering targeted, on-the-spot education when healthcare employees improperly access data is 95 percent effective in preventing future misuse, the report found. Meanwhile, the training can also help protect employees from falling for phishing attempts.
Hospitals and other healthcare facilities are beginning to invest in automation and artificial intelligence to further protect patient data. However, with more technology comes the risk of more cyberattacks. It is imperative that healthcare leaders remain vigilant when it comes to their cybersecurity protocols and make adjustments as needed.
The FBI, CISA and HHS urged healthcare organizations to implement the following measures to protect against malicious activity:
- Install updates for operating systems, software, and firmware as soon as they are released. Prioritize patching virtual private network servers, remote access software, virtual machine software and known exploited vulnerabilities. Consider leveraging a centralized patch management system to automate and expedite the process.
- Implement and enforce multi-layer network segmentation with the most critical communications and data resting on the most secure and reliable layer.
- Limit access to data by deploying public key infrastructure and digital certificates to authenticate connections with the network, Internet of Things (IoT) medical devices and the electronic health record system, and to ensure data packages are not manipulated in transit by man-in-the-middle attacks.
- Use standard user accounts on internal systems instead of administrative accounts, which carry sweeping administrative system privileges and do not enforce least privilege.
- Protect stored data by masking the permanent account number when it is displayed and rendering it unreadable when it is stored, through cryptography, for example.
- Use monitoring tools to observe whether IoT devices are behaving erratically due to a compromise.
Mackenna Moralez is the associate editor of the facilities market.