This month, many cyberattacks and cybersecurity alarm bells have been ringing in the healthcare industry. The FBI warned healthcare facilities that digital medical devices often run on outdated software that could be powerless to hacks.
OakBend Medical Center, Texas, was hit with a substantial ransomware attack from a gang that says it stole 1 million patient records. A report revealed that hospital patients dealing with cyberattacks are more likely to perish.
The series of alarms come with a growing awareness of how dangerous cybersecurity holes in healthcare can be. For example, healthcare organizations are more and more conditional on internet-connected devices to do items like track patient records and supply medications. And they’re increasingly a mark for ransomware attacks, which can rob data and shut down the systems they use to deliver care.
Experts spent years frustrated that hospitals weren’t taking cybersecurity seriously. But throughout the COVID-19 pandemic, that tide started to shift. With its warning this week, the FBI joins Congress in handling medical device vulnerabilities thoughtfully — earlier this summer, senators offered legislation requiring the Food and Drug Administration to implement more standard guidelines around medical device cybersecurity. The FDA also asked for more power to make rules around cybersecurity.
There’s also more awareness around how cyberattacks can hurt patients, which many people in healthcare have been reluctant to acknowledge. For example, during the pandemic, a cyberattack at the University of Vermont Health Network allowed researchers to show clearly that these disorders degrade patient care. Last year, a survey found that over two-thirds of healthcare organizations struck by ransomware had more comprehensive hospital stays for patients and procedural delays during the attacks.
Healthcare leaders are willing to raise spending on cybersecurity. But with new hazards uncovered daily, it isn’t straightforward to know where an organization would be more suitable to invest its budget. Healthcare is now the most significant target for online attacks because of the high demand for patient data and often-outdated procedures.
Reasons for Cyberattack on Medical Business
Patient data is worth a lot of cash to attackers: Hospitals hold an incredible amount of patient data. Confidential information costs a lot of money to hackers who can market it quickly – making the industry a growing target.
- These organizations have to save their patients’ records. With GDPR reaching into play this year, it’s increasingly important for hospitals to secure their information.
- Medical devices are an effortless entry point for attackers: Medical devices satisfy specific purposes – like monitoring heart rates or dispensing drugs. Hackers know that medical devices don’t include any patient data themselves. Secure network devices support and limit the harm caused by an attack on medical devices.
- Staff needs to access data remotely, opening up more opportunities for an attack: Compromised instruments must never access the network, as just one hacked device can exit a whole organization wide open. One choice for organizations with staff working across devices is risk-based authentication (RBA).
- Workers don’t want to disrupt timely working practices with new technology: Healthcare staff are some of the country’s most dynamic and in-demand. Teamwork long hours and tight deadlines, so they don’t have the time or help to add online security procedures to their workload. Medical experts need slick working practices with minimal distractions.
- Healthcare staff isn’t educated on online risks: Medical professionals lack the expertise to recognize and mitigate online threats. Budget, resources, and time constraints mean all healthcare staff can’t be fluent in cybersecurity best practices.
- The number of gadgets used in hospitals makes it hard to remain on top of security: Modern healthcare organizations are responsible for enormous amounts of patient data, plus a comprehensive network of connected medical gadgets. Larger organizations can haggle with thousands of medical devices linked to their network, each posing a possible threat to attackers.
- Healthcare information requires to be open and shareable: Confidential patient data must be accessible to staff, on-site and remotely, and on multiple devices. The medical industry’s typically urgent nature means a team must be able to share data immediately. There’s no time to wait and consider the security implications of their devices.