Threat Analysis Unit Announcements

New Osterman Research Report | Cyber Security in Healthcare

[vc_row][vc_column][vc_column_text]In 2019, roughly 45 million healthcare records were breached in the United States. With ransomware as their go-to technique, cyber attackers are targeting healthcare providers, medical devices, and critical supply chains more than ever before.

The latest Osterman Research report, “Cyber Security in Healthcare,” explores vulnerabilities in the healthcare sector, the far-reaching impacts of a breach, and how organizations mitigate risk and harden their defenses.

The Risks of a Healthcare Breach

It is far from an exaggeration to state that healthcare security is a matter of public health and emergency preparedness. Given the lucrative nature of patient data and the priceless value of high-tech medical equipment, there is little wonder why ransomware targets healthcare providers and institutions. As stated in the report, “Healthcare providers subject to a successful ransomware attack face urgent life-or-death situations for patients which can be enough to force the paying of the ransom demand.”

At the same time, data breaches are not only an external threat to an organization, nor are they solely the product of malicious actions. Osterman Research highlights the gap in security preparedness that simply results from poorly designed internal processes and insufficient training. 

The regulatory fines and practical consequences of an incidental breach of Protected Health Information (PHI) are costly. For example, the fallout from the 2017 WannaCry ransomware attack forced the United Kingdom’s National Health Service to “to cancel 19,000 appointments and operations, refuse acceptance of new patients, and pay a clean-up bill of more than €90 million [/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text][or over US$100 million][/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text].”

In some cases, patients have to be physically and digitally transferred to other hospital systems while recovery takes place at the breached institution. Attacks like ransomware, phishing, and opportunistic exfiltration of data pose a risk not only to the safety and wellness of patients but also to the reputation and trust placed in healthcare providers in any country.

Current Outlook and Future Prospects

Osterman Research makes the diagnosis of the situation plain: “Highly Attractive and Highly Vulnerable.” When a single patient record can sell for $1,000 and providers face a tangled web of threat factors, the healthcare industry will continue to be in the spotlight for cyberattacks. 

That is, unless changes are made.

Among the several different solutions proposed in Osterman Research’s report are recommendations to:

  • Strengthen secure access to systems through multi-factor authentication,
  • Enforce thorough security awareness training for employees, and
  • Harden medical devices through automated vulnerability patching processes.

Ultimately, the circumstances are serious, but not unsalvageable. The healthcare industry has had a history of underinvestment in cybersecurity, and meaningful steps must be swiftly taken to bolster protections against future breaches.


 

 

To access the full insights from Osterman Research, download the “Cyber Security in Healthcare” report now:

Read Now


[/vc_column_text][/vc_column][/vc_row]