If anyone in healthcare technology was feeling sleepy earlier this year, now they must be wide awake. The WannaCry and NotPetya attacks that struck multiple hospitals and healthcare systems within the past few months serve as glaring warnings of the growing cyber threat landscape, along with the costs at stake. While cyber threats are not new, they are not diminishing either. Instead, cyber attackers are working relentlessly to stay ahead of the cyber security curve, eager to thwart hospitals’ defenses by exploiting some weakness that has yet to be patched.
Why is the healthcare industry such a prized target? According to IBM, cyber criminals can use the vast amount of personal information within health records for medical identity theft and fraud, and most healthcare systems are slow to update their cyber security (Zorabedian, 2016). Sophos found in their survey that less than a third of healthcare organizations reported extensive use of encryption, and about a fifth don’t use encryption at all. Yet the hospitals lacking encryption are not the only ones that need to shape up; they share the responsibility with doctors’ offices, insurance companies, and even private employers, who have also been guilty of not encrypting employees’ or clients’ private healthcare information (Zorabedian, 2016).
Aside from implementing more widespread encryption, hospitals need to bolster their defenses by increasing cyber security awareness, adopting more advanced technology, and securing shared networks (Alton, n.d.). These solutions are not without challenges, however, as most hospitals have limited financial resources to dedicate to more personnel or cyber security tools (Calyptix, 2017). Nevertheless, all healthcare staff has a role to play in strengthening their organization’s cyber security. With lives at stake, the risks of lax cyber security are far too great to ignore.
Interested in cyber security training for your organization’s technical professionals? Check out IEEE’s course, Cyber Security Tools for Today’s Environment.
Alton, L. (n.d.). Why the healthcare industry is behind on cyber security. ISACA.
Calyptix. (2017, Jun 13). 10 biggest problems in healthcare cybersecurity. Calyptix Security.
Zorabedian, J. (2016, Apr 26). Why cybercriminals attack healthcare more than any other industry. Naked Security by Sophos.