Light Dark
May 1, 2023 By Jennifer Gregory 3 min read
News

Reporting on cybersecurity issues tends to focus on the results of a breach. However, the most important takeaway is how an event happened in the first place. By understanding the incident’s cause and the direction of cyber crime trends, healthcare organizations can more effectively protect their data, their infrastructure and their reputation.

Theft and unauthorized access to financial assets often make headlines because they’re dramatic. But the hacking of healthcare systems is now a top concern, and healthcare organizations must proactively protect themselves against these attacks.

Has healthcare finally reached a plateau in terms of the number of breaches the industry experiences? After a 250% rise in breach numbers from 2011 to 2021, the Fortified Health Security 2023 Horizon Report revealed that the number of breaches did decrease slightly in 2022. However, according to the IBM 2022 Cost of a Data Breach report, the healthcare industry is still the costliest industry for a breach —  at $10.1 million on average — for the twelfth year in a row.

Hacking is now the biggest threat to healthcare

Despite breaches on the downward trend, hacking remains a pressing concern. Fortified Health found that 78% of data breaches in 2022 were from hacking and IT incidents, an increase from 45% in 2018. Unauthorized access — the second leading cause — accounted for 38% of incidents in 2018 and now is only responsible for 16%. Other causes noted were theft, loss and improper data disposal.

Hacking isn’t a single type of threat. It is the act of compromising something — a device, a network, a database. Hacking encompasses many different ways in which cyber criminals gain access to infrastructure, data and devices. Press releases regarding incidents typically focus on the type of attack, not how it actually happened. This causes the focus on hacking to veer away from the information which can better protect organizations in the future.

Each time someone falls prey to social engineering that allows unauthorized access, hacking is what sets up the scheme. Every virus or malware falls under the umbrella of hacking; even ransomware is a form of hacking. And while hacking makes many of us envision someone acting alone in their basement lair, modern malicious actors are highly sophisticated and a major threat to healthcare and other organizations.

Cyber criminals specifically targeting healthcare

Attackers often set their sights on healthcare organizations because breaches and incidents have a high impact. Because healthcare is an essential service, organizations are more likely to pay ransoms to provide continuous care when business disruptions can have devastating consequences. Additionally, healthcare organizations possess high-value data, such as personal and financial information. Attackers can often resell records for high prices on the dark web.

Healthcare also offers a tempting target because many providers and organizations have legacy infrastructure and hardware. The lack of modern infrastructure and disjoined systems make it very challenging to protect against cyber threats. Attacks often go undetected for longer periods of time than other industries because the silos and multiple systems — often on-premise — make it hard to spot suspicious activity.

Reducing the risk of hacking

Healthcare organizations must proactively take steps to reduce hacking. Here are ways to lower risk at both large and small organizations:

  • Ensure all devices follow best security practices. Many healthcare organizations are increasingly using mobile devices for patient care and communication. Require employees to use strong passwords and keep all software updated on the devices.
  • Provide training to employees and contractors. With temporary employees often working in healthcare, you must be extra vigilant about making sure that everyone accessing the network receives training on best practices. Spotting phishing attacks and knowing the steps to take if you fall victim are especially important skills.
  • Use microsegmentation as a part of your zero trust model. By making sure that employees only have the access that they need to do their job by only providing access to the smallest possible part with microsegmentation, you can reduce risk, especially of social engineering and malware attacks. If an attacker breaches your organization, then the cyber criminals only gained access or damaged a very small part of the network.

Hacking is not a new threat to healthcare. But with the increased use of devices and remote work, the opportunities for hacking are higher than ever. By understanding your vulnerabilities and taking proactive action, you can reduce your risks of being hacked.

 |  |  |  |  |  |  |  |  |  |  |  |  |  | 
Jennifer Gregory
Cybersecurity Writer

More from News
April 22, 2024

DOD establishes Office of the Assistant Secretary of Defense for Cyber Policy

2 min read - The federal government recently took a new step toward prioritizing cybersecurity and demonstrating its commitment to reducing risk. On March 20, 2024, the Pentagon formally established the new Office of the Assistant Secretary of Defense for Cyber Policy to supervise cyber policy for the Department of Defense. The next day, President Joe Biden announced Michael Sulmeyer as his nominee for the role.“In standing up this office, the Department is giving cyber the focus and attention that Congress intended,” said Acting…

April 15, 2024

CISA releases landmark cyber incident reporting proposal

2 min read - Due to ongoing cyberattacks and threats, critical infrastructure organizations have been on high alert. Now, the Cybersecurity and Infrastructure Security Agency (CISA) has introduced a draft of landmark regulation outlining how organizations will be required to report cyber incidents to the federal government. The 447-page Notice of Proposed Rulemaking (NPRM) has been released and is open for public feedback through the Federal Register. CISA was required to develop this report by the Cyber Incident Reporting for Critical Infrastructure Act of…

April 8, 2024

Recent developments and updates in Biden cyber policy

3 min read - The White House recently released its budget for the 2025 fiscal year, which supports the government’s commitment to cybersecurity. The cybersecurity funding allocations line up with the FY 2025 cybersecurity spending priorities released last year that included the following pillars: Defend critical infrastructure Disrupt and dismantle threat actors Shape market forces to drive security and resilience Invest in a resilient future Forge international partnerships to pursue shared goals. In 2023, the White House released a 35-page document detailing the new…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature