Healthcare Cyber Security: Why Healthcare is Vulnerable
Updated: Aug 7, 2020
In the past two years email fraud in healthcare has increased by 473%. Most cyberattacks are the result of phishing attacks.
A phishing attack occurs when a hacker enters a network through an employee’s email account, often accomplished when an employee opens a malicious link. Once in a network, hackers can steal or corrupt files, making them unreadable. In healthcare, this kind of attack can be detrimental to your patients and your reputation. As the most targeted sector in the United States for cyberattacks, healthcare cybersecurity is increasingly important.
Why Healthcare is Targeted
There are a few reasons why the healthcare industry is a particularly appealing target for cyberattacks.
Outdated Operating Systems Healthcare organizations use Microsoft software at a higher rate than other industries. This is the result of the majority of medical devices operating using Microsoft technology. In addition, outdated Microsoft operating systems are still used in abundance, as it can be difficult to update the software on many of the medical devices. However, it isn’t just about the software, many doctors are reluctant to adopt more advanced technology, according to The New Yorker. Employee hesitation is the biggest obstacle to implementing newer more secure technologies.
Employee Training Phishing attacks have become more sophisticated making it difficult to recognize a phishing email. Employees should be trained regularly on healthcare cybersecurity however, security training in a healthcare environment often falls to the wayside due to the busy nature of the work. Healthcare workers are generally moving at a fast-pace, checking their emails while on the go. This makes them more likely to click on a malicious link.
Valuable Data The sensitive nature of the data that healthcare organizations hold on their patients makes them an appealing target. Healthcare information is ten times more valuable on the dark web than financial information. Protected health information (PHI) can include anything from treatment information, Social Security numbers, contact information, address, etc. With the vast amount of personal information held by healthcare entities, identity theft is a real possibility.
Healthcare Cybersecurity: 3 Strategies to Protect Against Phishing Attacks
Organizations working in healthcare must implement cybersecurity practices to safeguard the PHI they are working with. Most healthcare organizations do not have sufficient measures in place.
Healthcare cybersecurity should incorporate the following:
Cross-platform Solutions Implement healthcare cybersecurity across multiple platforms such as email platforms, web browsers, and other software that connects to the network. Continually update infrastructure to ensure that all systems are running the most up-to-date software. If there are any computers or medical devices that cannot be updated to newer software, they should be replaced. Although this can be an expensive undertaking, upgrading devices does not need to be done all at once.
Take Advantage of Teachable Moments Using real incidents to highlight threats will resonate better than general training on cybersecurity. When an employee receives a suspicious email, it is important to teach them why the email is suspicious, and what to look for in the future. Phishing emails can be difficult to recognize as hackers disguise themselves as a trusted user. There are a few things to look for, such as checking the email address, looking for grammatical errors, or generic greetings. Seeing a real example of a malicious email will prompt employees to modify their behavior when opening emails.
Privacy as a Priority Privacy of patient data is of the utmost importance. Healthcare organizations must implement email security tools that filter out harmful emails. In addition, PHI should only be emailed externally when it is encrypted. Emails sent outside of an organization pass through a third-party server on their way to the intended recipient. Encrypting emails will mitigate the risk of data in transit being compromised. Healthcare organizations, no matter the size, are continually targeted by cyberattacks. The vast amounts of sensitive information compounded by outdated technology make healthcare organizations the perfect target for phishing attacks. As such, healthcare organizations must be vigilant in their efforts to bolster their cybersecurity.