Modern healthcare relies on sharing patient data, while also striving to keep it secure. In a technology-heavy sector such as healthcare that handles sensitive data, security must be paramount. Yet those on the frontline – by the very nature of their life-saving roles – don’t necessarily have the time or inclination to always act in the most security-conscious way. According to Jonathan Whitley of WatchGuard Technologies, they need to rely on security technology, but don’t want to be bothered with complexity in terms of access, use and data sharing.
“In such a broad IoT environment patient data is always in transit, leaving endpoints vulnerable to cybersecurity threats,” he says. “The adoption of new technologies is also rapid in the healthcare sector, adding to the risk. Patient care often trumps security concerns, certainly at treatment level, but having a strong cybersecurity posture is critical to ensure the delivery of quality care across the board.”
There’s seemingly a daily barrage of news articles reporting cyberattacks. Reports suggest the number of ransomware attacks on healthcare organisations increased 94% from 2021 to 2022, with the rise attributed to cyber attackers’ awareness of the deadly consequences of an attack and of the targeted organisation’s need to respond urgently. Most healthcare victims of ransomware pay the ransom.
“There is work to be done, and that starts with ensuring greater awareness of security gaps, issues, and threats,” says Whitley.
The health of the healthcare sector
Gartner Peer Insights and WatchGuard recently surveyed 100 IT and security professionals in healthcare to learn if companies are taking the necessary steps to enable a strong password security culture and posture.
“The survey revealed that almost half the respondents have experienced a data breach in the last two years,” said Whitley. “53% said they use tools targeted in software supply chain attacks - but were able to patch before an issue was detected. 78% said they have experienced service disruptions due to malicious activity and/or fell victim to a ransomware attack.”
End-of-life systems are identified as a root cause, while phishing attacks are an overwhelming shared concern, followed by ransomware.
When asked what unique security challenges make the healthcare industry more vulnerable to an attack, the top threats were seen as:
- Legacy tech/systems (81%)
- Talent gaps (58%)
- Outdated security (51%)
“The survey also underlined the range of issues an attack creates,” says Whitley. “Most said a security breach led to operational outages, followed by lawsuits, loss of IP and loss of patient data. But there are also crucial matters such as critical operating data loss, revenue loss and erosion of patient trust, not to mention reputational harm, data corruption, downtime, and recovery time. There is also the potential to reduce the level of patient care and outcomes.
“Despite people being the common denominator in all data breaches – whether intentional or not – credential protection methods, such as MFA, are not broadly adopted in healthcare. Only 24% of respondents said they have MFA authentication policies in place. Only 35% of healthcare leaders are utilising identity security to address security events - a critical point of entry in most attack scenarios.”
Many healthcare providers offer a plethora of integrated health solutions and this increasingly connected environment leaves them more vulnerable to attack.
“Beyond the firewall, 61% of healthcare leaders reveal they are most concerned about the vulnerability of cloud storage. Only 26% consider smart medical devices, intelligent tools and wearable devices as vulnerable to cyber risk.”
In terms of protocols employed to protect patient data, 68% follow specific protected health information (PHI) protocols, while 64% encrypt all patient data.
“Some 60% of those surveyed comply with all HIPAA requirements, and 43% say they follow privacy guidelines such as GDPR,” continues Whitley. “While 53% say they undertake consistent security risk assessments, just 24% employ risk-based authentication policies to control who accesses patient data. While a majority of respondents (58%) say their organisations have web-connected medical devices, more than half of those (57%) outsource cyber security threat monitoring to an MSP.”
Cybersecurity attacks, data integrity and high latency are the top three concerns the healthcare leaders surveyed have regarding web-connected medical devices.
“In the last year, the survey respondents suggest that third-party security management (54%), resource constraints (45%) and mobile device security (39%) are the biggest challenges in managing patient data security,” said Whitley.
To encourage employee adoption of security measures, healthcare IT professionals revealed they are taking measures including:
- Sending test phishing emails (68%)
- Increasing IT security training (62%)
- Adopting compliance policies (52%)
- Making corporate security certification mandatory for employees (49%)
What the healthcare industry says
Whitley believes that it’s time the inefficient, overly complex and outdated ‘patchwork’ approach to security is removed.
“The current approach – highlighted by the survey and the rising number of ransomware and other cyber attacks – isn’t working, and not only creates heavy management burdens, but also unprotected, unsafe environments,” said Whitley. “One solution is WatchGuard’s Unified Security Platform architecture, which delivers a simplified, but comprehensive, automated and centralised security suite for the healthcare industry.”
Cybersecurity technology needs to be powerful and yet simple to use. With the healthcare sector facing a barrage of security threats and issues every day, it’s time to act.
“Healthcare leaders need to understand the holistic security of their organisations and take the best possible steps to quash threats - before we read of yet another ransomware attack on a critical healthcare facility.”