A few months ago, the U.S. government warned of an increase in cybercrimes against hospitals and healthcare providers. Many hackers want to take advantage of the disruption that COVID-19 is causing in the industry. From ransomware to data theft to interference with services, online criminals are using a variety of different methods to hack in and gain access to healthcare computer systems.
One study by Comparitech found there were 92 ransomware attacks that hit 600 different clinics, hospitals, and healthcare providers last year alone. The cost is estimated to be nearly $21 billion. Over 18 million patient records have been at risk. When compared with 2019, researchers say there has been a 60 percent increase in attacks on healthcare organizations.
Healthcare is Primed for Cyberattacks
The healthcare industry is a prime target for cyberattacks due to the connectivity of computers, medical devices, and patient data. A rising number of organizations are falling prey to hackers, including hospitals, pharmaceutical companies, and biomedical businesses. Unfortunately, many of these companies are not in a position to protect their systems and data as well as those in other industries.
One key factor may be the prevailing view that healthcare executives have when it comes to technology. Most consider cybersecurity a compliance issue rather than a business risk. From this perspective, healthcare organizations have not invested in technology or in training staff in proper cyber hygiene practices. This lack of preparation has left healthcare companies at high risk for cyberattacks. Compared with their counterparts in other industries such as the banking and finance sector, healthcare CIOs have not taken cybersecurity as seriously as they should.
Hospital IT Needs to Bolster its Security Practices
As a response to the increase in attacks on hospitals and other healthcare centers, IT leaders need to strengthen their security practices. Protecting systems and patients can be done in several ways, starting with innovative cybersecurity solutions.
It begins with healthcare CIOs realizing the threat and taking it seriously. Unfortunately, one survey found that 96 percent of IT professionals said that data hackers had a leg up when it comes to technology. Most budget allocation for cybersecurity is not proactive but instead a response to a data breach the organization experienced.
Another high-risk factor caused by COVID-19 is the increase in remote work. Employees working from home have been given little direction with regard to cyber hygiene. Only 10 percent of healthcare or hospital workers who shifted to at-home work received updated guidelines. Healthcare CIOs need to train employees on basic cybersecurity practices, such as recognizing phishing attacks.
IT departments need to actively monitor the devices, computers, and systems at their organization. Hospitals using IoT connected devices should have a process for tracking key data like IP addresses, printers, and local area networks. Moreover, there needs to be an established procedure to disconnect devices or systems quickly when an anomaly is detected.
Ransomware is the Chief Concern
Ransomware has been a major problem for medical facilities. What can make it worse is when a healthcare provider pays the ransom, which only encourages attackers. While data on the total amount paid in ransomware attacks last year is scarce, figures from three attacks published by Comparitech show how profitable these types of cybercrimes can be:
- Champaign-Urbana Public Health District paid over $300,000;
- The University of San Francisco’s School of Medicine paid $1.14m;
- The University Hospital New Jersey paid $672,744.
Downtime can add to the cost of ransomware attacks. Hours, days, weeks, and even months can be spent trying to get systems back up and running.
Healthcare workers are prime targets for ransomware attacks as many are stressed, overworked, and worn out from responding to the COVID-19 pandemic. In that state, many employees may be more likely to click on risky links sent via email or text message.
Being informed, prepared, and proactive is vital to protect healthcare organizations from cyberattacks. Healthcare CIOs need to invest in security tools, train staff in cyber hygiene practices, and update policies and procedures for remote workers. While there are no guarantees when it comes to cyberattacks, the more protection you can place around your organization, the less damage a hacker can cause.