According to Health Care Dive, cyber criminals are focusing more and more on smaller hospitals and health care administrators rather than large healthcare systems.
“Cyberattacks are increasingly being focused on smaller healthcare companies and specialty clinics without the resources to protect themselves, instead of larger health systems that — despite being treasure troves of personal and medical data — generally have more sophisticated security, according to a new report from Critical Insight.” (Health Care Dive).
However, the cyber landscape for the healthcare industry is surprisingly looking up.
“A 2022 IBM report found that healthcare is the 6th most attacked industry (up one place from 7th in the previous year). This increase in attacks is interesting when contrasted with the fact that total breaches along with individuals affected declined in the first half of 2022.” (Security Boulevard).
Despite this, the focus on technology used in widespread in healthcare is expected to continue.
“Overall breaches are steadily declining from their peak in the second half of 2020. But the trend of focusing on a systemic technology used across most providers is one the cybersecurity firm expects to continue throughout the remainder of the year, the report, which analyzes breach data reported to the HHS, said.” (Health Care Dive).
Ransomware attacks will continue to be front and center in cyber space for the healthcare industry.
“Double extortion tactics can prove particularly fruitful in healthcare. Before encrypting files, threat actors exfiltrate sensitive patient data and hold them to ransom with the threat of publishing the data on the dark web or reselling it if the provider doesn’t pay up. Some gangs have even moved on to triple extortion where the threat of a DDoS attack adds more incentive to give in to ransom demands. Healthcare providers have a low tolerance for downtime in their critical IT systems because operations and even human safety can depend on these systems being online. The crux of the story is that ransomware attacks on healthcare providers aren’t going away any time soon.” (Security Boulevard).
Smaller healthcare administrators will continue to be targeted.
“Smaller hospital systems and specialty clinics are rising to the top of those affected by hacking or IT incident breaches. Breaches associated with health plans dropped by 53%, but attacks against business associates jumped 10% and attacks against providers went up 15%.” (Health Care Dive).
Recent governmental precautions have been implemented.
“With healthcare being designated as one of the United States’ 16 Critical Infrastructure Sectors by CISA, its protection from cyber threats is clearly a national priority. An interesting development is a new proposed bill, the Healthcare Cybersecurity Act of 2022. This bill directs a collaborative effort between CISA and the U.S. Department of Health and Human Services to reduce cybersecurity attacks and data breaches in healthcare and public health.” (Security Boulevard).
Healthcare administrators should continue to strive for stronger cyber security.
“To cope better with considerable account compromise risks, healthcare organizations, (particularly large providers) should consider migrating to zero trust architecture. This architecture removes any implicit trust given to users on the network and assumes a threat actor is always lurking. With zero trust, access to resources is dynamically and continually authenticated based on the identity and context of each request. A policy engine typically makes access request decisions on a per-session basis by calculating a trust score (via an algorithm). Implementing zero trust in healthcare environments reduces the threat of account compromise and associated breaches of sensitive patient records, medical devices, and applications.” (Security Boulevard).
Have any questions about cyber-security? Responsive Technology Partners is the leading cyber-security expert in the Athens, Metter, Milledgeville, Vidalia, and Atlanta, Georgia areas. We also have locations in Tampa, Florida, Roanoke, Virginia, and Raleigh South Carolina. Service offerings include I.T. support, cyber-security and compliance, telephony, cloud services, cabling, access control, and camera systems. Our company’s mission is to provide world-class customer service through industry leading I.T. solutions that make every customer feel as if they are our only customer. Please visit our website to learn more: https://www.responsivetechnologypartners.com/.
Sources:
Security Boulevard. https://securityboulevard.com/2022/10/cybersecurity-issues-in-healthcare-recent-trends-and-solution/
