Why-We-Need-Better-Cybersecurity-in-Healthcare

Why We Need Better Cybersecurity in Healthcare

February 7, 2023 - Emily Newton

Revolutionized is reader-supported. When you buy through links on our site, we may earn an affiliate commision. Learn more here.

Cybersecurity is a vital matter in all industries. However, many people argue that improving cybersecurity in healthcare deserves special attention and resources. 

People make life-or-death decisions in hospitals and other medical facilities daily. They increasingly rely on internet-connected technologies to do that. That might mean accessing patient records stored in the cloud. It might entail hooking someone up to real-time monitoring equipment that works with smart sensors. 

Hospital employees also usually need to access internet platforms to get a patient’s lab results or update their records.  However, cyberattacks make it difficult or impossible to do those things and others. People at many affected facilities can’t even access their email accounts or document anything digitally. 

Here’s a closer look at why people cannot afford to overlook or restrict resources for cybersecurity in healthcare. 

Poor Cybersecurity Worsens Patient Outcomes

The people who work in hospitals and take direct responsibility for patient care are incredibly skilled and under intense pressure to apply their knowledge during challenging situations. Choosing the right treatments requires understanding a patient’s individual needs and their likelihood of survival. Cybersecurity issues only exacerbate the ever-changing work environment that medical professionals face. 

A study from the Ponemon Institute and Proofpoint Inc. evaluated the overall effect of insufficient cybersecurity in healthcare. One of the startling, but perhaps not surprising, findings was that cyberattacks increased patient mortality rates. More specifically, that statistic rose for 20% of hospitals hit with the most common attack types. Those were incidents related to cloud vulnerabilities, ransomware, supply chain infiltrations or email-based attacks. 

Another takeaway was that 57% of providers saw worsened patient outcomes associated with delayed tests or procedures. Plus, nearly half of the people in that group mentioned increased complications related to medical procedures.

Additionally, ransomware was the type of attack most commonly associated with negative patient outcomes. Such incidents caused delayed tests and procedures in 64% of cases. Moreover, 59% of ransomware attacks lengthened patient stays. 

Some hospital decision-makers hesitate to increase budget allocations for better cybersecurity in healthcare facilities. However, these revelations show why that’s the wrong decision. Leaders may not initially link tighter internet security with improved patient care. However, this study shows they should.

Medical Facility Cyberattacks Often Have Ripple Effects 

One of the difficult realities of cyberattacks in the medical sector is that the effects almost always span outside the affected organizations. One of the reasons that’s true is that medical organizations frequently work with external service providers. 

So, the overall attack surface for a potential attack becomes larger due to the interconnected relationships. Sometimes, vendors can pose security risks to the organizations they serve. However, hospital representatives can reduce the risks by vetting vendors thoroughly. 

A study from cybersecurity firm Critical Insight shed light on the huge consequences of health industry cyberattacks. It indicated that such events affected 45 million individuals in 2021. That figure represents a substantial increase from 2020’s total of 34 million. 

Other information in the research showed that most attacks historically occur against provider organizations. However, 2021’s numbers indicated an approximately 4% decline in such events. Conversely, attacks targeting health plan providers jumped almost 35% during the study period. There was also an 18% increase in cybersecurity incidents affecting third-party vendors and business associates linked to medical organizations. 

Since many health organizations are large and treat substantial numbers of patients per year, hackers often only must target single organizations to get the desired effects. A recent attack against OakBend Medical Center in Texas provides a good example. The criminals reportedly stole more than a million records in one ransomware attack. Some of the associated data included names, dates of birth, treatment records and Social Security numbers. 

Identity theft is a genuine risk, and it can take victims years to deal with the problem. It’s also worrying that medical facilities typically have a wealth of extraordinarily personal information about patients. It’s easy to imagine the possible blackmail risks associated with the data theft of famous people who use hospital services and want to keep their health concerns private. 

The Human Element Is a Major Cyberattack Contributor

When people think of cyberattacks, they often envision distant adversaries typing on their keyboards and scrutinizing networks to find vulnerabilities. Indeed, some internet security breakdowns happen because of those outside influences.

However, it’s also surprisingly common for them to occur because people make mistakes and have no ill intentions toward the affected organizations. The Verizon 2022 Data Breach Investigations Report analyzed nearly 25,000 security incidents, with about 5,200 being confirmed breaches. 

One of the takeaways was that the human element factored into 82% of the breaches studied. Further, a quarter of those incidents related to social engineering. However, other aspects, including mistakes and privilege misuse, caused the remainder. 

A 2021 attack on Ireland’s national health service gives a memorable example of how an innocent mistake can have long-term and costly consequences. The 2021 attack involved hackers demanding a ransom of nearly €15 million after a single employee clicked on a misleading link. An investigation indicated the worker initially had trouble using the computer. They saw a link instructing them to use a link to access a messaging service, supposedly to get tech support. 

Then, the hacker began direct engagement with the worker, telling them they’d stolen 700 gigabytes of data. The criminal also threatened to start selling the information unless the organization paid the ransom in time. Similar situations can happen in any industry. However, the need for tighter cybersecurity in healthcare comes because workers may be under increased pressure.

Consider if a computer system goes down, impacting the care decisions a medical provider makes for a patient. If that professional feels desperate to resolve an apparent technical issue, they may click fraudulent links before evaluating what could happen. 

Cybersecurity in Healthcare Deserves Investment

The people overseeing medical facilities must do numerous things to keep those locations competitive. That might mean hiring more team members or purchasing new equipment. Those are valid decisions, but this overview shows why increasing cybersecurity protections is essential, too. 

A good starting point is for IT teams to assess where the most prominent cybersecurity risks exist in an organization. Focusing on those weaknesses first can often provide the biggest and fastest returns on investment. Then, such results can cause decision-makers to feel more motivated about future spending to safeguard their organizations.

Revolutionized is reader-supported. When you buy through links on our site, we may earn an affiliate commision. Learn more here.

Author

Emily Newton

Emily Newton is a technology and industrial journalist and the Editor in Chief of Revolutionized. She manages the sites publishing schedule, SEO optimization and content strategy. Emily enjoys writing and researching articles about how technology is changing every industry. When she isn't working, Emily enjoys playing video games or curling up with a good book.

Leave a Comment