Healthcare cybersecurity trends: Organizations not quite ready to deal with threats
Protected Harbor announced the launch of its latest whitepaper on healthcare cybersecurity, which offers readers insight into evolving healthcare data breach patterns, predictive threats for 2022, and a playbook on how to increase IT durability to stop future healthcare data attacks.
“Due to the financial value of patient health information, electronic health records stored in healthcare organizations are a major target for cybercriminals,” said Richard Luna, CEO of Protected Harbor. “Attacks and exploits are evolving every day, becoming more sophisticated and carrying more devastating payloads. Protections must be implemented at every layer of a system.”
The healthcare data breach report included statistics from 686 security breaches of 500 or more healthcare records, as reported by HHS’ Office for Civil Rights (OCR). 74% of all healthcare data breaches are from hacking and IT incidents, attributed to understaffed healthcare IT departments, legacy technologies not configured properly for new medical technology, and a lack of interoperability standards. This problem is costing companies around $9.23M per data breach, as reported by IBM.
As the industry continues to evolve and respond to the data growth from increased usage of medical devices and technologies, more vulnerabilities are discovered. The report has identified the following top healthcare data security threat issues heading into 2022:
- IoT connected medical devices
- mHealth & telehealth technologies
- The Cures Act & remote patient access
- Understaffed & underfunded IT departments
- Lack of employee security training
Improving healthcare cybersecurity and network architecture will harden healthcare infrastructure, increase application durability, decrease overall costs, and increase public trust. The report also identified the following data protection suggestions for Healthcare IT departments:
- Fast Healthcare Interoperability Resources standards
- Multi-factor authentication
- Mobile device security strategy
- Isolated and validated backups
- Integration of managed service teams
“Digitalization has drastically increased the amount of data and how the healthcare industry does business. But the original network architectural designs were not meant to handle this size of a workload,” continued Luna.
“Teams need to do more regular penetration tests, malware tests, backup validation, disaster recovery drills, improve monitoring, run compliance scans, and keep to a maintenance schedule. It is not easy to keep track of so many moving parts that have been integrated since COVID-19. That is why so many HCIT departments are teaming up with managed service firms.”
Additional findings from the report include network server attacks accounting for 53% of all incidents in 2021, followed by email attacks at 27%. 21% of breaches can be attributed to unauthorized access, such as granting too much privileged access to third parties.
Hacking and IT incidents targeting outpatient and specialty clinics have grown 41% in the past year. 30% of all large data breaches in the U.S. are from hospitals. California has the most healthcare data breaches, making up 10% of all breaches in 2021, followed by Texas (8%) and New York (6%).