Why hospitals and healthcare organizations need to take cybersecurity more seriously

The fuel shortages and rising gas prices generated by the Colonial Pipeline ransomware attack in May foreshadow the disastrous and far-reaching effects of cyberattacks on critical infrastructure. SolarWinds, JBS, Kaseya, and a torrent of other high-profile cyber incidents have captured the attention of the American public and the highest levels of government, leading to a flurry of federal actions, including the nomination of the first-ever National Cyber Director, formal attribution of the SolarWinds attack to Russia, the release of an executive order imposing new security standards for software on federal procurement lists, and a host of legislative proposals to improve the nation’s cybersecurity.

Though these prominent cyber incidents have triggered several cybersecurity initiatives, policymakers have paid relatively little attention to the considerable potential cyber risks in the healthcare sector. The WannaCry ransomware attack, which took down the United Kingdom’s National Health Service in 2017, served as a wake-up call to healthcare organizations around the world, illuminating the urgent need for proactive investments in cybersecurity. And yet, healthcare organizations in the U.S. remain a vulnerable target, lagging behind other industries on key measures of cyber-readiness.

As the resurgence of COVID-19 cases stretches hospital capacity to the limit, it provides a fresh reminder of just how critical it is for our healthcare infrastructure to be resilient in times of crisis. With the sharp uptick in ransomware attacks on healthcare organizations during the pandemic, and the first death attributed to a ransomware attack in 2020, it is clear that malicious actors are capable of compromising mission-critical healthcare infrastructure, from the automated refrigerators that store blood products for surgeries to the CT scans that are vital for triaging trauma patients.

Indeed, the recent surge in cyberattacks on healthcare organizations prompted the Cybersecurity and Infrastructure Security Agency, the FBI, and the Department of Health and Human Services (HHS) to release a joint advisory warning of “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” At the same time, many hospitals are once again reaching surge capacity due to the Delta variant, making cybersecurity more important than ever before.

The Poor State of Healthcare Cybersecurity

In 2017, the Health Care Industry Cybersecurity (HCIC) Task Force established by HHS issued a report to Congress in which they claimed that healthcare cybersecurity is in “critical condition.” Four years later, the Task Force’s assessment still rings true. Since the onset of the COVID-19 pandemic, the rate of ransomware attacks has soared across all industries, and healthcare has been the disproportionate target of such attacks. The 2020 HIMSS Cybersecurity Survey revealed that 70% of hospitals surveyed had experienced a “significant security incident” within the past twelve months, including phishing and ransomware attacks that resulted in the disruption of IT operations (28%) and business functions (25%), as well as data breaches (21%) and financial losses (20%).

Healthcare organizations are an inviting target for financially motivated threat actors because their broad attack surfaces make it relatively easy for cybercriminals to find vulnerabilities and monetize their exploits. The passage of the HITECH Act in 2009 incentivized investments in health information technology to modernize the U.S. healthcare system, leading to unprecedented connectivity and an expansion in the usage of medical devices. Today, Electronic Health Record systems are the heart of the healthcare organization, connecting medical devices with other applications to provide a more holistic picture of patient well-being. Additionally, the U.S. boasts an average of 10 to 15 networked medical devices per hospital bed, meaning large healthcare organizations face the herculean task of securing tens of thousands of medical devices, many of which are quite easy to hack. The digitization of healthcare infrastructure catalyzed major advancements in patient care, but also created major opportunities for attack. A single vulnerable asset can provide a threat actor with a foothold into the organization and compromise the confidentiality, integrity, and availability of patient data and medical services.
