Employees Contribute to Large Sum of Cyberattacks

Guaranteed education can prevent future attacks.

By Mackenna Moralez, Associate Editor


Cyberattacks are becoming more common within the healthcare industry despite numerous warnings from top government agencies. Cyberattacks against healthcare facilities have increased 18 percent since 2022, compromising the patient records of 59.7 million individuals, according to a report by Protenus Breach Barometer.  

The report found that insider incidents accounted for more than 1 in 10 breaches, totaling 12 percent overall. Human error is largely to blame for most cyberattacks due to lack of training. Most healthcare workers use personal devices while on the job and only 51 percent have them securely enabled, according to a report by Endpoint Ecosystem last year. Meanwhile, 27 percent of employees have reviewed security policies less than once a year, while 39 percent received security awareness training less than once a year.

Hospitals and other healthcare facilities are frequent targets of cyberattacks because they have a high number of electronic devices, their systems are outdated, and healthcare staff are too busy to stay updated on proper cybersecurity training. The more vulnerable a healthcare system is, the more likely a patient will lose trust in its operations.

Insider events tend to be the gateway for many ransomware attacks, according to the Protenus Breach Barometer report. Employees can easily be tricked into clicking on malicious links in emails, allowing hackers to seize millions of patients' records in an instant. Many employees agree that cybersecurity is important, but it often falls by the wayside as they prioritize treating patients. Cyberattacks will only hurt patients as their private, personal information is leaked and potentially held for ransom.

Information that was secure six months ago can change in an instant. More companies are shifting to access management models and modern security strategies, such as:  

  • restriction of network access  
  • enhanced physical controls, such as restricted control areas  
  • access entitlement that is appropriate to the job function  
  • expanded use of automation and artificial intelligence tools for security operations  
  • increased accountability among employees  
  • enhanced identity and access management techniques. 

As hackers advance their tools and tactics, healthcare officials must stay on top of risk assessments and provide effective, ongoing employee training. Delivering targeted, on-the-spot education when healthcare employees improperly access data is 95 percent effective in preventing future misuse, the report found. Meanwhile, the training can also help protect employees from falling for phishing attempts.  

Hospitals and other healthcare facilities are beginning to invest in automation and artificial intelligence to further protect patient data. However, with more technology comes the risk of more cyberattacks. It is imperative that healthcare leaders remain vigilant when it comes to their cybersecurity protocols and make adjustments as needed.   

The FBI, CISA and HHS urged healthcare organizations to implement the following measures to protect against malicious activity:   

  • Install updates for operating systems, software, and firmware as soon as they are released. Prioritize patching virtual private network servers, remote access software, virtual machine software and known exploited vulnerabilities. Consider leveraging a centralized patch management system to automate and expedite the process.    
  • Implement and enforce multi-layer network segmentation with the most critical communications and data resting on the most secure and reliable layer.    
  • Limit access to data by deploying public key infrastructure and digital certificates to authenticate connections with the network, Internet of Things (IoT) medical devices and the electronic health record system, as well as to ensure data packages are not manipulated in transit by man-in-the-middle attacks.
  • Use standard user accounts on internal systems instead of administrative accounts, which allow for overarching administrative system privileges and do not ensure least privilege.    
  • Protect stored data by masking the permanent account number when it is displayed and rendering it unreadable when it is stored through cryptography, for example.    
  • Use monitoring tools to observe whether IoT devices are behaving erratically due to a compromise.    

Mackenna Moralez is the associate editor of the facilities market. 



February 28, 2023


Topic Area: Information Technology, Security


Copyright © 2023 TradePress. All rights reserved.