Cybersecurity Threats in Healthcare Systems: Are You Secure?

In today’s technologically dependent society, cybersecurity is an essential aspect of all businesses in every industry, but it is perhaps most important and prevalent in the healthcare sector due to the valuable information that is contained in healthcare records. As technologies continue to advance in healthcare, so does the risk of a cybersecurity attack.

Healthcare practices are continuously growing and evolving to provide the most advanced patient care possible. This is due in part to advances in mobile medical devices, artificial intelligence, virtual systems for patient charting and records, and telemedicine. However, with these advances come constant threats to these technologies through cyberattacks.

Hospitals maintain a plethora of sensitive and confidential information in a patient’s medical records. This is known as Patient Health Information, or PHI, and it is extremely valuable on the black market due to the completeness of the information the record contains.

All around the world, people in need are seeking continuous medical attention, so a hospital must constantly be performing at an optimal level. Hackers know how valuable it is for hospitals to maintain complete functionality of their equipment to provide patient care, and they often plan their attacks through e-mail phishing, ransomware, loss or theft of equipment data, insider data loss (accidental or intentional), and attacks against connected medical devices that may affect patient safety. The most common threat is ransomware, which restricts a hospital’s access to patient information and the functionality of its equipment and of the medical devices being worn by patients. The hackers will only allow an organization access to this data if it pays the ransom. The most notable example is the WannaCry ransomware attack, which was executed globally in May 2017.

The WannaCry ransomware attack in May 2017 hit more than 300,000 machines in 150 countries and targeted operating systems utilizing a version of Windows 7. The systems were targeted due to a vulnerability in the system that allowed hackers to gain access and deploy ransomware. The vulnerability was discovered by Microsoft in March 2017, at which time they made available a patch to correct the issue. Systems that did not perform this simple update were and continue to be at high risk for this attack.

Ransomware attacks such as WannaCry can keep growing in size and number as hospitals continue to digitize and automate the processes they use to maintain and share patient information, as telemedicine demonstrates. This is compounded by the fact that, by January 2020, about 70% of devices in healthcare organizations are expected to be running unsupported Windows operating systems. Recovering from a cyberattack costs about $1M alone, on top of the loss of credibility and public trust. With the help of Withum’s Cybersecurity and Healthcare Services teams, these costs can be avoided and reputation maintained by taking a proactive approach that secures your organization before the damage is done.

Withum provides comprehensive cyber consulting services, as opposed to most others, who focus solely on an individual aspect of a cybersecurity system. Withum’s approach encompasses the National Institute of Standards and Technology’s Cybersecurity Framework for the cybersecurity lifecycle of any organization: Identify, Protect, Detect, Respond and Recover. With this methodology, Withum can formulate the best action plan to prevent any potential threats to cybersecurity systems. Withum will first identify the “crown jewels” that need to be protected and assess the current level of preparedness for an attack. Second, they will develop a list of compliance policies and procedures, training employees and evaluating cyber insurance, if any. Third, they will find vulnerabilities and weaknesses in the current system and can perform a controlled cyberattack to highlight these weaknesses. With these three assessments done, the client can implement a strong cybersecurity policy to strengthen their IT systems. Withum can also help respond to and recover from cyberattacks to minimize the damage, as well as assess and locate how the company was breached.

This comprehensive approach by Withum can prevent massive economic losses and reputational damage for a company. Our professionals are fully aware of the imperative need for cybersecurity in healthcare systems and hospitals and how vital it is to assess and plan to secure patients’ information and your organization. Please contact one of Withum’s team members by filling out the form below for a complimentary consultation.