Prevention is the Cure for Cyber Attacks in Healthcare Industry
Cybersecurity breaches in the healthcare industry are particularly devastating. They are exorbitantly expensive: in 2018, the average cost of a healthcare data breach was $408 per compromised record, amounting to billions of dollars lost. The data is also especially sensitive, as it contains patients’ personal health information. On top of that, many countries, including the U.S., have strict laws with high data standards and steep penalties for failing to meet them.
The recent SingHealth breach, the largest cyberattack ever in Singapore, resulted in the theft of the personal data of 1.5 million patients, including the Prime Minister’s personal medical records. The 2017 WannaCry ransomware attack on the National Health Service in England crippled the entire system, resulting in a complete temporary shutdown. A total of 6,912 appointments were cancelled, including operations, and 139 suspected cancer patients had urgent referrals cancelled.
Recent U.S. victims include HealthEquity, Atrium Health, Med Associates, Centers for Medicare and Medicaid Services, Minnesota Department of Human Services, Blue Cross and many, many others. One of the largest healthcare breaches happened in 2015, when a breach at Anthem, the second-largest health insurer in the U.S., compromised the data of 78.8 million current and former customers, including names, addresses, Social Security numbers, dates of birth, and employment histories.
The healthcare industry is unique in its many vulnerabilities to cyberattacks. First, hospitals and healthcare organizations typically depend on their networks for patient records, prescriptions, and scheduling. While a cyberattack would cause chaos for any organization, in healthcare, that chaos has a direct impact on life-or-death situations. Also, healthcare organizations rely heavily on connected devices (the Internet of Things) for everything from taking vital signs to performing surgery. These connected devices can give malicious actors more ways into the network to cause mayhem.
What can be done?
In December of 2018, a task force of public- and private-sector leaders helped the U.S. Department of Health and Human Services (HHS) release Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients. The recommendations in this four-part guidance are only voluntary and do not impose any new legal obligations. While this is a great step for cybersecurity awareness, each organization is still on its own to determine its best approach to cybersecurity. Healthcare organizations must invest in proactive cyber defense.
Cyber threat intelligence sharing is fundamental to both improving a healthcare organization's cyber-defense capabilities and evolving those capabilities as the risks change over time. Using cyber threat intelligence effectively allows security teams to be proactive in protecting the things healthcare organizations most want to protect, such as patient data.
NC4’s Cyber Defense Network is built with today's changing cyber landscape in mind. It gives healthcare organizations a central place to collaborate on threat data and see what actions their peers are taking. It also accelerates defensive actions by enabling security teams to take action on threats from within the Cyber Defense Network.