The Biggest Threat To Security Of Healthcare Data

 Chief Healthcare Executive explains

Malware and ransomware are two of the most common threats to the security of healthcare data today. Malware is malicious software that is designed to steal or manipulate data, while ransomware is malicious software that encrypts data and demands a ransom in exchange for the decryption key.

For most enterprises and businesses, ransomware and malware pose very serious threats to the sustainability and continuity of business operations and can lead to revenue losses or dips in customer trust. In healthcare, the role of cyber security services is even greater.

The continuity and maintenance of life-saving operations and the protection of Personal identifiable information (PII) and Protected health information (PHI) is what’s on the line. As ransomware operators increasingly target healthcare organizations, here’s what you need to know.

Ransomware Attacks On The Rise

According to federal authorities, the FBI received more reports of ransomware attacks on the healthcare and public health sectors than on any other critical infrastructure sectors in 2022.

Chief Healthcare Executive explains, “The FBI received 870 reports of ransomware attacks aimed at organizations belonging to 16 critical infrastructure sectors. The healthcare sector topped the list with 210 reports of ransomware attacks, well ahead of any other sector and at least twice as many as most others.

And the ransomware problem is only growing worse! According to research in the Journal of the American Medical Association, the number of attacks on U.S. hospitals each year has doubled between 2016 and 2021, from 43 to 91. Plus, according to federal records, healthcare breaches have exposed over 385 million patient records in the past 10 years

But it’s not just PII and PHI that are at risk when cyberattacks and cyber incidents occur: it is also an operational hazard for those in critical condition and those relying on essential healthcare operations. For example, just last month a hospital in Idaho was forced to divert ambulances to other hospitals for more than 24 hours due to a cyber incident. Operational downtime in the healthcare sector can have devastating (and potentially fatal) implications.

Here’s what your healthcare organization can do to ensure that you’re prepared when cyber incidents do occur.

Assume Breach

Make sure that you’re bracing for the worst proactively. In the industry we like to call this “assuming breach”. Ensure that you have a business continuity plan in place that accounts for the breaches and ransomware attacks that will inevitably occur within your organization.

To build cyber resilience proactively, leverage frameworks like Zero Trust – which encourages least privilege and limiting implicit access (therefore shrinking the attack surface) from the start. You can also adopt Zero Trust tools like Zero Trust Segmentation (designed to isolate attacks and minimize data and operations losses in the event of a breach) so your organization is better prepared to stop ransomware attacks before they can even begin.

At a more technical level, tools like Zero Trust Segmentation can help your organization better visualize traffic flow to and from cloud workloads and services, helping security teams’ pinpoint and remediate risk more proactively. And ring-fence applications and services with a single click – ensuring that when breaches or attacks happen; patient data (and other “crown jewels”) are safeguarded.

At a business level, incident response programs and partnering with third parties to proactively run tabletop exercises to test your response plan and its effectiveness ahead of time are extremely helpful too.  In short, the more prepared you can be for attacks to happen, and the more robust your business continuity plans, the better you’ll be able to keep patients’ PII and PHI secure.

To Top

Pin It on Pinterest

Share This