In today’s technologically dependent society, cybersecurity is an essential aspect of all businesses in every industry, but it is perhaps most important and prevalent in the healthcare sector due to the valuable information that is contained in healthcare records. As technologies continue to advance in healthcare, so does the risk of a cybersecurity attack.
Healthcare practices are continuously growing and evolving to provide the most advanced patient care possible. This is due in part to advances in mobile medical devices, artificial intelligence, virtual systems for patient charting and records, and telemedicine. However, with these advances come constant threats to these technologies through cyberattacks.
Hospitals maintain a plethora of sensitive and confidential information in a patient’s medical records. This information is known as Patient Health Information, or PHI, and is extremely valuable on the black market due to the completeness of information the record contains.
All around the world, people in need are seeking continuous medical attention; therefore, a hospital must constantly be performing at an optimal level. Hackers know how valuable it is for hospitals to maintain complete functionality of their equipment to provide patient care, and often plan their attacks through e-mail phishing; ransomware attacks; loss or theft of equipment data; insider, accidental or intentional data loss; and attacks against connected medical devices that may affect patient safety. The most common threat is ransomware attacks, which restrict hospitals’ access to patient information and to the functionality of their equipment and the medical devices being worn by patients. The hackers restore access to this data only if the organization pays the ransom. The most notable example is the WannaCry ransomware attack, which was executed globally in May 2017.
The WannaCry ransomware attack in May 2017 hit more than 300,000 machines in 150 countries and targeted operating systems utilizing a version of Windows 7. The systems were targeted due to a vulnerability in the system that allowed hackers to gain access and deploy ransomware. The vulnerability was discovered by Microsoft in March 2017, at which time they made available a patch to correct the issue. Systems that did not perform this simple update were and continue to be at high risk for this attack.
Ransomware attacks such as the WannaCry attack can continue to grow in size and number as hospitals continue to digitize and automate processes to maintain and share patient information, as is demonstrated through telemedicine. This is compounded by the fact that by January 2020, it’s expected that about 70% of devices in healthcare organizations will be running unsupported Windows operating systems. It costs about $1M to recover from a cyberattack alone, plus the loss of credibility and trust of the public. With the help of Withum’s Cybersecurity and Healthcare Services teams, these costs can be avoided and reputation maintained by implementing a proactive approach that secures your organization before the damage is done.