Light Dark
May 1, 2023 By Jennifer Gregory 3 min read
News

Reporting on cybersecurity issues tends to focus on the results of a breach. However, the most important takeaway is how an event happened in the first place. By understanding the incident’s cause and the direction of cyber crime trends, healthcare organizations can more effectively protect their data, their infrastructure and their reputation.

Theft and unauthorized access to financial assets often make headlines because they’re dramatic. But the hacking of healthcare systems is now a top concern, and healthcare organizations must proactively protect themselves against these attacks.

Has healthcare finally reached a plateau in terms of the number of breaches the industry experiences? After a 250% rise in breach numbers from 2011 to 2021, the Fortified Health Security 2023 Horizon Report revealed that the number of breaches did decrease slightly in 2022. However, according to the IBM 2022 Cost of a Data Breach report, the healthcare industry is still the costliest industry for a breach —  at $10.1 million on average — for the twelfth year in a row.

Hacking is now the biggest threat to healthcare

Despite breaches on the downward trend, hacking remains a pressing concern. Fortified Health found that 78% of data breaches in 2022 were from hacking and IT incidents, an increase from 45% in 2018. Unauthorized access — the second leading cause — accounted for 38% of incidents in 2018 and now is only responsible for 16%. Other causes noted were theft, loss and improper data disposal.

Hacking isn’t a single type of threat. It is the act of compromising something — a device, a network, a database. Hacking encompasses many different ways in which cyber criminals gain access to infrastructure, data and devices. Press releases regarding incidents typically focus on the type of attack, not how it actually happened. This causes the focus on hacking to veer away from the information which can better protect organizations in the future.

Each time someone falls prey to social engineering that allows unauthorized access, hacking is what sets up the scheme. Every virus or malware falls under the umbrella of hacking; even ransomware is a form of hacking. And while hacking makes many of us envision someone acting alone in their basement lair, modern malicious actors are highly sophisticated and a major threat to healthcare and other organizations.

Cyber criminals specifically targeting healthcare

Attackers often set their sights on healthcare organizations because breaches and incidents have a high impact. Because healthcare is an essential service, organizations are more likely to pay ransoms to provide continuous care when business disruptions can have devastating consequences. Additionally, healthcare organizations possess high-value data, such as personal and financial information. Attackers can often resell records for high prices on the dark web.

Healthcare also offers a tempting target because many providers and organizations have legacy infrastructure and hardware. The lack of modern infrastructure and disjoined systems make it very challenging to protect against cyber threats. Attacks often go undetected for longer periods of time than other industries because the silos and multiple systems — often on-premise — make it hard to spot suspicious activity.

Reducing the risk of hacking

Healthcare organizations must proactively take steps to reduce hacking. Here are ways to lower risk at both large and small organizations:

  • Ensure all devices follow best security practices. Many healthcare organizations are increasingly using mobile devices for patient care and communication. Require employees to use strong passwords and keep all software updated on the devices.
  • Provide training to employees and contractors. With temporary employees often working in healthcare, you must be extra vigilant about making sure that everyone accessing the network receives training on best practices. Spotting phishing attacks and knowing the steps to take if you fall victim are especially important skills.
  • Use microsegmentation as a part of your zero trust model. By making sure that employees only have the access that they need to do their job by only providing access to the smallest possible part with microsegmentation, you can reduce risk, especially of social engineering and malware attacks. If an attacker breaches your organization, then the cyber criminals only gained access or damaged a very small part of the network.

Hacking is not a new threat to healthcare. But with the increased use of devices and remote work, the opportunities for hacking are higher than ever. By understanding your vulnerabilities and taking proactive action, you can reduce your risks of being hacked.

 |  |  |  |  |  |  |  |  |  |  |  |  |  | 
Jennifer Gregory
Cybersecurity Writer

More from News
May 1, 2024

New proposed federal data privacy law suggests big changes

3 min read - After years of work and unsuccessful attempts at legislation, a draft of a federal data privacy law was recently released. The United States House Committee on Energy and Commerce released the American Privacy Rights Act on April 7, 2024. Several issues stood in the way of passing legislation in the past, such as whether states could issue tougher rules and if individuals could sue companies for privacy violations. With the American Privacy Rights Act of 2024, the U.S. government established…

April 29, 2024

The major hardware flaw in Apple M-series chips

3 min read - The “need for speed” is having a negative impact on many Mac users right now. The Apple M-series chips, which are designed to deliver more consistent and faster performance than the Intel processors used in the past, have a vulnerability that can expose cryptographic keys, leading an attacker to reveal encrypted data. This critical security flaw, known as GoFetch, exploits a vulnerability found in the M-chips data memory-dependent prefetcher (DMP). DMP’s benefits and vulnerabilities DMP predicts memory addresses that the…

April 22, 2024

DOD establishes Office of the Assistant Secretary of Defense for Cyber Policy

2 min read - The federal government recently took a new step toward prioritizing cybersecurity and demonstrating its commitment to reducing risk. On March 20, 2024, the Pentagon formally established the new Office of the Assistant Secretary of Defense for Cyber Policy to supervise cyber policy for the Department of Defense. The next day, President Joe Biden announced Michael Sulmeyer as his nominee for the role. “In standing up this office, the Department is giving cyber the focus and attention that Congress intended,” said…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature