To say that healthcare organizations are a top target for hackers is not exactly breaking news. The sector has been working furiously over the past decade to enhance its data sharing and other digital capabilities. The breakneck pace of change has led some healthcare players to push cybersecurity to the side. And hackers have been sniffing out these opportunities.
A recent threat report from Rapid7 suggests that this trend may be gaining momentum, citing a surge of cyber attacks in the first quarter of 2018. The count has been high enough that it qualifies the industry as the top target for the quarter. Meanwhile, IoT security firm Pwnie Express has reported the results from a healthcare cybersecurity survey of industry professionals and found a prevailing view that companies are underprepared for cyber attacks.
With the rapid growth of internet-connected medical devices, the attack surface of hospitals is expanding. A May 17 report in Forbes discussed first-of-a-kind ransomware hacks that affected radiology equipment in US hospitals. Experts warn that other devices, from MRI machines to productivity-enhancing devices for nurses, are also adding to companies’ risks.
The types of data that healthcare organizations manage are in high demand among hackers, and it’s important that the industry take steps to counter this alarming hacking trend. To bring defenses up to speed, firms can take several actions:
- Improve cybersecurity governance: Security needs to be a top priority and deeply connected to the mission of the organization. Top stakeholders should be invested in the functioning of the cybersecurity effort.
- Operational enhancements: Security functions should be a core part of the operational model, and they need to be orchestrated so that they can be coordinated across several functions.
- Compliance: Meeting the regulations for HIPAA and HITECH is a necessary step and a strong start for a cybersecurity program.
- Assessment: To manage risk, organizations need to understand what exactly those risks are. Risk assessment must be an ongoing function.
- Third-party management: The interconnectedness of healthcare organizations means third-party risk is a primary concern. Companies need to properly vet the partners they work with.
Lunarline offers security consulting services specific to the healthcare industry. For information on how we can help you, contact us today!