By Simeon Tassev, Managing Director and Qualified Security Assessor at Galix
Healthcare institutions, particularly hospitals, have long been a tempting target for cybercriminals. These institutions hold massive amounts of extremely sensitive and personal data that can be exploited in various cyberattacks. Moreover, with healthcare receiving more funding and grants due to COVID-19, it’s become a (perceived) easy target. The reality is that within healthcare’s IT systems lie critical patient information such as ID numbers, credit card and banking details and other highly sensitive data such as patients’ HIV status that can be used to cause considerable damage.
An ID number alone can fetch quite a price on the black market, which is why the global healthcare system must stay ultra-vigilant and mitigate any damage and potential liability.
Currently, one of the most popular forms of cyberattack exploitation is blackmail. Unlike ransomware, where cybercriminals hold company data to “ransom” by encrypting it with malware, attackers now simply gain access to sensitive data and threaten to expose it unless a specified amount is paid.
Healthcare institutions have no choice but to pay the amount demanded, as exposing sensitive patient information can be disastrous to the individuals in question and to overall patient confidentiality.
With the outbreak of COVID-19, hacking groups around the globe refrained from targeting healthcare institutions. However, this was short-lived and, in essence, created a false sense of security, which made healthcare institutions even more vulnerable.
Furthermore, healthcare institutions are the custodians of information and, despite the call for individual cybersecurity vigilance, patients don’t have control over their information and can’t contribute in any way to protecting the data stored on these IT systems.
So, what can healthcare systems do to fortify their cybersecurity, particularly in an unprecedented time where healthcare workers are taking enormous strain to keep up with a daily influx of patients?
For one, healthcare organisations need to reinforce best practices in data protection, especially as it relates to the privacy and security of critical patient data. Security awareness is also key: cybercriminals target people, not only systems.
Educating all staff on the value of security is vital. With technology becoming more prevalent in everyday healthcare, it is important that data protection becomes a fundamental component of modern-day medical practice.
Similarly, as cloud adoption accelerates across healthcare, efficient planning and controls must be put in place to mitigate vulnerabilities. Access to information from patients, caregivers, insurance agencies, and other stakeholders must be seamless and, importantly, secure.
Lastly, and importantly, healthcare institutions must partner with security solution providers that provide expert services, such as audits, and solutions that will ensure organisations remain secure and resilient against any potential threats while focusing on their core competency.