If there ever was a year to remind us just how important our healthcare services are, 2020 would be it. Yet, as citizens across the world have celebrated those on the front line of healthcare, malicious actors have seized the opportunity to take advantage of pandemic-caused disruption.
As part of National Cybersecurity Awareness Month, it is crucial that we take a moment to reflect on how we can ensure this most important of industries is safeguarded against mounting cyberthreats – particularly as technology becomes increasingly central to improving health outcomes and diagnoses across the world.
Why has the healthcare industry become such a target for cyberattacks?
Before computers became the default way for medical staff to keep track of patient records, most important information in the healthcare industry was handwritten, filed, and physically locked away. As such, it was highly unlikely that an unknown malicious actor, based thousands of miles away, would ever be able to access personal data and health records.
The internet changed almost everything – creating huge efficiencies but also providing an opening for data breaches. The healthcare landscape has evolved within the digital world – seen most strikingly during the coronavirus pandemic. With patients encouraged to physically distance themselves, there has been a rise in telemedicine, whereby doctors check on their patients remotely by app or video link. Indeed, virtual healthcare interactions look set to top 1 billion by the end of 2020, according to analysts.
What’s more, entire medical histories are often now digitised. Our medical details are stored in databases and shared between doctors, pharmacists, and other medical professionals with one click – making it easier for your insurer to approve healthcare requests and for you to pick up prescriptions even if you are across the country.
Lastly, there is a significant increase in the number of internet-connected medical devices, which are set to save the healthcare industry $63 billion by 2022. Ultrasounds, thermometers, glucose monitors, electrocardiograms, and more are all starting to become connected, letting patients track their health in real time without the need for a doctor. As this technology develops, there can be no doubt that it will radically change the way in which we receive healthcare.
All of these brilliant developments have fundamentally transformed a once analogue sector, but at the same time they have exposed the healthcare industry to exploitation by opportunistic cybercriminals. The increase in the number of healthcare-related cyberattacks this year is an unfortunate testament to this.
How can hackers gain access to healthcare data and networks?
This wave of digitalisation has also significantly increased the number of third parties – who work in supporting roles alongside central healthcare providers – entering the health supply chain. This has resulted in an industry with a higher number of attack vectors than ever before.
Email, for example, is a popular route for hackers to exploit a third party’s access rights and gain entry to a central database. Using tactics such as phishing, hackers will try to gain entry through a third-party vendor’s vetted, yet still unsecured, network access. Once inside the network, the malicious actor will steal healthcare records before often trying to ransom the data back to the healthcare organisation.
All this effort to compromise healthcare systems is due to the fact that personal data in the healthcare sector is incredibly valuable, with researchers suggesting that the price of one healthcare record sold on the black market is over $250 (card details, the next highest priced assets, often go for an average price of $5).
In 2020, we’ve seen, more than ever before, the tangible consequences of cyberattacks in this industry. A woman in Germany, for example, was declared the first person to die of ransomware, after her ambulance was re-routed to a hospital farther away from the one near her home because servers at the nearer hospital were in the midst of an attack.
So how can we protect the healthcare sector?
Because of the desirability of the data and the lure of monetary gain, it is important that the threat of cyberattacks is not underestimated by healthcare industry IT professionals, and that steps are taken to safeguard this data. For instance, given the threats associated with unsecured digital medical records, healthcare providers should make sure they use proper encryption and key management to protect such sensitive data.
In addition, healthcare companies need to check that security measures have been built into their devices and systems at their conception, so that they have maximum security protections from day one. With embedded SIMs, or eSIMs as they are often called, connected healthcare devices can be authenticated during provisioning, in real time, continuously, so that any changes in the network they run on are detected before a compromised device starts taking harmful actions.
Working alongside the healthcare provider, we can also perform technical threat analysis to help shield them from cyberattacks. This process involves identifying risks, evaluating the likelihood of different types of cyberattack, and implementing solutions together.
Finally, clinicians also have a vital role to play. Adding an extra layer of authentication to safeguard patients’ data from cyberattacks is a vital component of healthcare. They share responsibility, along with medical schools, in teaching the next generation of medical students about the importance of cybersecurity.
After all, maintaining organisational efficiency, improving patient care, and ensuring the speed of crisis response is upheld now rely on digitalisation, which ultimately means cybersecurity is at the very core of the healthcare revolution.
Licensed from https://dis-blog.thalesgroup.com/security/2020/10/29/protecting-the-healthcare-industry-from-cyber-threats/