2017 was the year when relentless cyber-attacks happened in the healthcare industry. Who will ever forget the catastrophic WannaCry malware that caused problems to different hospitals all over the United Kingdom? The thing is that this incident is not isolated and that the healthcare industry is known to have the worst cybercrime incidence of all sectors. In fact, the cost of a breach in the healthcare security is $380 per capita. Below are the top 10 security threats that the healthcare industry should watch.
Ransomware and Other Malware
Malware poses a severe problem in the healthcare industry. It is essential to take note that the healthcare industry works in an intricate and interconnected network of information. Malware and ransomware can cause the inaccessibility to information within the industry. The WannaCry attack, for example, forced hospitals to shut down because they could not access the records of their patients.
Phishing emails pose threats to the personal data and information stored in a particular healthcare setting. They start out as innocent emails that are embedded with malware. Once you open it, it releases the malware that can phish for data such as login credentials to access vital patient information.
Insider threats can be carried out by patients as well as staff and can either be accidental or intended. According to the 2017 HIMSS survey, experts found out that insider threats pose as much as 75% of the cyber threats in the healthcare industry.
Increased Use of Cloud Computing
Online security in cloud computing is often compromised. And while the use of cloud computing in the healthcare industry is projected to rise to 20.5% by 2020, little is done when it comes to online security. Protecting the data during transit across different web services does require not only robust encryption methods but also efficient authentication.
Internet of Things Attacks
Recently, the healthcare industry has embraced the Internet of Things to improve the patient experience. While it is done to improve the patient outcomes, IoT poses threats as the data stored can be stolen by hackers. Hackers can make the data can be inaccessible or skewed, and this can disrupt the treatment of patients.
Weak I.T. Healthcare Security Providers
The TRICARE breach is a perfect example that the supply chain in the healthcare industry is weak and, at the most, negligent. This led to the exposure of 4.6 million patient records. The problem is that a variety of suppliers within the healthcare industry provide poor service regarding cybersecurity. Hopefully, with more focused I.T. healthcare professionals, this can change.
Many massive breaches within the healthcare industry are caused by authentication issues. Using weak passwords can be dangerous. This is the reason why two-factor, as well as risk-based authentication, are popular as they offer a higher degree of mitigation against phishing and security attacks.
Legacy Apps Still Being Used
Many hospitals are still using legacy apps or old apps to preserve the data of their patients. However, using legacy applications give cybercriminals a significant opportunity to take advantage of the vulnerability of old operating systems and structures.
Poor Funding Affecting Security
Many hospitals are up against poor funding regarding cybersecurity. The thing is that robust security programs cost money for both training and implementation. Unfortunately, not too many hospitals are keen on spending money on high-end security infrastructure. But the constant cyber-attacks within the healthcare industry should change their minds.
Poor Security Awareness Program
Security is a problem for everyone within the organization. While most hospitals are using technology to integrate information, employees are not fostering a culture of security. They still use weak passwords and seem not to be careful in opening emails. This is a big problem, and a habitual problem is often hard to correct. Hospitals and medical practices must find ways to build more awareness about security and its importance in the workplace.
Inspired by resources.infosecinstitute.com