Today, no industry is truly safe from cyber threats and the devastation they can cause.
Anything from ransomware to social engineering tactics, such as phishing, can target industries across the spectrum, and one of the most victimised industries is the healthcare sector.
Hospitals account for a large percentage of data breaches, with the frequency only increasing as technology advances.
Hospitals face increased pressure to optimise and improve patient care by embracing advancing technologies, which widens the attack surface that hackers are actively looking to exploit.
There are several different reasons for this heightened vulnerability, including the high volume of confidential data and personal information contained in their legacy systems, and the fact that most hospitals can’t afford the downtime associated with ransomware attacks.
The HIPAA Journal has extensive reports about healthcare data breaches, outlining large attacks such as the Anthem breach, which affected almost 80 million members.
In this report, the HIPAA Journal states that between 2015 and 2019, 76.59 per cent of all recorded data breaches were in the healthcare sector, three times as many as education, finance, retail, and government sectors combined.
The COVID-19 pandemic led to a huge surge in telehealth conferencing and doctor’s visits, which resulted in large volumes of data that are valuable in the hands of a cybercriminal.
Remote testing and vaccinations require data collection, which is often stored on outdated systems grandfathered into existing infrastructure.
These antiquated systems are often lacking in cyber security features, especially those that target newer attack methods as technology evolves.
The usual suspects
As with every other industry, email, particularly phishing scams, is one of the biggest entry points for cyber attackers.
Social engineering, which involves the attacker impersonating a trusted official or figure to fleece information out of victims, plays a role in most cyber breaches.
Even the most high-tech, innovative cyber protection solution can’t fully account for human error and how persuasive a well-written phishing email, website, or message can appear.
Verizon’s 2022 Data Breach Investigations Report (DBIR) reports that 2.9 per cent of all phishing emails are clicked on, a concerning figure considering the large volume of attempts.
Emerging technologies are making these phishing attempts more sophisticated as well.
Artificial intelligence and machine learning enable cyber terrorists to generate convincing phishing schemes, indistinguishable from human-written ones, and in many cases, even better.
Chatbots available on the dark web such as FraudGPT can create phishing pages in a matter of seconds, free from the ethical constraints woven into chatbots available on the Clearnet.
AI technology also enables the creation of convincing deepfakes, allowing bad-faith actors to swindle their victims with videos and calls seemingly conducted by trusted officials, especially high-profile ones whose information is more readily available online.
Medical devices are another rising concern in healthcare, as evolving technology introduces internet connectivity into newer medical aids.
The Internet-of-Things (IoT), although increasing convenience and offering a glimpse of automated luxury, renders connected devices attractive points of entry for cyber attackers.
Although these devices normally come standard with built-in security measures, as with all connected devices, they risk lagging behind newer technology and require constant configuring and maintenance to keep them secure.
Several healthcare organisations, unfortunately, do not know how to fully secure and configure these devices, and the large volume of devices only makes it harder to monitor and manage each connected aid.
If these devices fail or suffer a large-scale attack that compromises them, patients risk harm and potential death as a result.
Devices can also lose support and periodic updates as they age and newer technologies are released, increasing overall vulnerability, and again feeding into the problem of antiquated infrastructures hindering cyber protection.
The next steps
Luckily, as with most cyber threats, there are precautions healthcare organisations can take to mitigate the chance of these attacks and breaches.
For one, upgrading infrastructure to include newer software and hardware can be a huge help, but is an overwhelmingly expensive and time-consuming solution for most facilities.
Healthcare organisations also cannot afford the downtime associated with upgrading legacy systems, but updating individual systems and devices is a good starting point that will cost little or no downtime.
Staff awareness and training programmes teach staff how to stay vigilant and identify possible scams, but there’s a line that cannot be crossed.
A lot of organisations rely on PowerPoint presentations and quizzes that don’t fully engage the user, resulting in little to no information being retained.
Experts recommend productive but engaging methods of cyber security training, including more entertaining videos, friendly competitions and even prizes and rewards for completing the training.
Consolidated solutions are some of the simplest and most resource-efficient solutions available on the market.
Acronis Cyber Protect Cloud detects and blocks the malware common in data breaches and ransomware attacks.
Using multi-layered behavioural and AI-powered detection engines and integrated disaster recovery options, Acronis ensures minimal business disruption across healthcare facilities of all sizes.