Healthcare cybersecurity is under threat. According to Cybersecurity Ventures, healthcare enterprises will spend more than $65 billion on security products and services over the next five years. Increased spending may not have the intended outcome, however. New research from Trend Micro and the Health Information Trust Alliance (HITRUST) suggested that while familiar attacks such as ransomware plague healthcare, Internet of Things (IoT) issues and supply chain security breaches could pose even bigger risks. As noted by Dark Reading, supply chain risks to healthcare aren't new.
As the new year draws near, healthcare organizations are thinking about where to focus their resources. Matt Mellen, security architect and healthcare solution lead at Palo Alto Networks, predicts that, in 2018, machine learning capabilities will not only enhance a healthcare organization's cybersecurity program, but improve patient outcomes as well.
As medical technology evolves, cyberattack vectors increase. With news of killware attacks jeopardizing physical safety through Internet of Things (IoT) devices, healthcare cybersecurity leaders must remain on high alert when it comes to defending against threats. The 2021 Healthcare Data Breach Trend Report from Protected Harbor gives insight into evolving healthcare data breach patterns, predictive threats for 2022, and a playbook on how to increase information technology (IT) durability to stop future healthcare data attacks. "Due to the financial value of patient health information, electronic health records stored in healthcare organizations are a major target for cybercriminals," said Richard Luna, CEO of Protected Harbor. "Attacks and exploits are evolving every day, becoming more sophisticated and carrying more devastating payloads. Protections must be implemented at every layer of a system."
A whopping 70 percent of healthcare firms in the US have no cybersecurity insurance, according to a new survey commissioned by the analytics firm FICO. According to the report, the healthcare sector is the most negligent in this area, but a significant portion of US firms overall, 24 percent, also have no cybersecurity insurance. The new data follows a number of massive cyber breaches in recent years, such as the Equifax breach. Equifax spent a net $114 million in 2017 to cover the data breach expenses, including customer support and legal fees. However, $50 million of the data breach costs were covered by insurance.
A thorough risk assessment is prudent for any organization, but is particularly essential for companies in the healthcare industry. Protecting patient data is important, and failing to have robust security measures can shut down facilities and have life-or-death ramifications. However, implementing industry-standard cybersecurity practices can inhibit clinicians' work, also leading to life-and-death consequences. For example, systems that prevent log-ins if clinicians are logged in elsewhere can interrupt or delay surgeries. That is why I feel that cybersecurity professionals should spend quality time with their healthcare clients, conducting in-depth interviews and visiting their workplaces, to develop cybersecurity measures that balance clinicians' vital workflow operations with security and patient privacy.