A recent string of high-profile cyberattacks is renewing fears of the increasingly coordinated and sophisticated attacks that can be used against healthcare organizations. According to a recent report from IBM’s worldwide security services operations, the healthcare industry broke back into the top five of the most frequently targeted industries in 2015.
A growing number of these attacks have taken the form of ransomware: malware that is unknowingly introduced through e-mail messages and attachments and then used to hold critical data systems hostage.
Businesses Under Siege
Clinical information systems at hospitals, clinics, and treatment centers handle a wealth of personal and confidential data found in electronic health records (EHR), including Social Security numbers, credit card data, and medical history — making them prime targets for a variety of cyberattacks, including ransomware attacks.
One hospital had its clinical information systems shut down for over a week due to a ransomware attack. The cybercriminals behind it held these systems hostage for $3.6 million before settling on $17,000 paid in Bitcoin and restoring access to the hospital’s data. Another health system had its clinical information system shut down due to a virus-based hacking attack, complete with a digital ransom note. It took weeks for officials to restore access to its data.
New Threats, But Little Preparation
The drastic surge in cyber security threats has left healthcare IT leaders throughout the U.S. struggling to keep pace, and the healthcare industry has so far proven ill-prepared to combat ransomware and other cyber security threats. Current challenges facing patient care organizations and the healthcare industry in general include:
- Little to no awareness of the magnitude and intensity of the ransomware problem in U.S. healthcare
- Minimal investment in data security when compared to other industries
- Little to no data security strategic planning and an inability to execute strategic plans
- Insufficient training, expertise, and preparedness among those tasked with data security
- Insufficient staffing within information security departments
- Reluctance among C-level executives and boards of directors to directly address ransomware and other cyber security threats
What Can Be Done
In an effort to protect themselves against cyberattacks, a growing number of patient care organizations in the U.S. are hiring chief information security officers (CISOs) to lead anti-cyberattack efforts. However, the effectiveness of the CISO relies on sufficient funding, support personnel, and support at the C-suite and board levels. A lack of buy-in and support from C-level executives and board members can stymie efforts to develop an effective force against ransomware and other cyberattacks.
In addition to guaranteeing funding, staffing, and top-level support, healthcare IT leaders should focus on developing a comprehensive strategic cyber security plan. Such plans should include common-sense security measures, including:
- Daily backup of core information systems
- Use of security operations centers (SOCs) and other external services
- Implementation of role-based access systems
- Enterprise-wide training of all IS end-users on a regular basis
Implementing a data security and cyber security apparatus along these lines can help the healthcare sector overcome its vulnerability to ransomware and other malicious attacks.
If your company is dealing with its own cybersecurity issues, ROI Networks can help it move in the right direction. Contact us today for a no-obligation security session.