Cybersecurity in Healthcare Organizations - the Healthcare Industry in the Digital Economy

Cybersecurity in Healthcare Organizations

The Healthcare Industry in the Digital Economy

Healthcare organizations increasingly rely on information systems for a variety of clinical and administrative functions in recent years. Electronic Health Record (EHR) is the new form which is used to record patient information and data, making it easier for healthcare organizations to implement patient care, back up files, and ensure effective communication. However, healthcare is one of the most vulnerable industries for cyberattacks, as the sheer amount of personal data exchanged daily.

Numerous IoT applications have been introduced in healthcare, from remote monitoring to smart sensors and medical device integration. A hospital has an average of 10 to 15 connected devices per bed in the United States. These devices are used to improve patient treatment, conduct medical research and enhance healthcare system efficiency.

Why Should We Worry About Cybersecurity in Healthcare Organizations?

Patient safety and well-being are closely related to the ability of healthcare organizations to protect patients' private data. When a medical institution is attacked by a cyberattack such as ransomware, the medical treatment required by the patient may be delayed, and the cybercriminals may change the data value in the medical record, thereby adding difficult for doctors to judge the accuracy of medical information or data.

The theft of clinical information leads to various criminal threats ranging from the use of stolen data for administrative fraud and the illicit use of drugs to the sale of data to the highest bidders in the dark market. As clinical patient information is highly sensitive, its theft or misuse has serious consequences for the patients’ own safety or even their insurance eligibility, etc.

These cyberattacks can be catastrophic for a health organization not only because of operational disruption but also because of financial costs involved in restoring systems and backup copies, as well as the damage to reputation that the organization under attack may suffer as a result. According to a study from IBM Security and the Ponemon Institute, the cost of the data breach for healthcare organizations rose from $380 per breached record in 2017 to $408 per record in 2018. Healthcare has the highest price for data breaches across all industries.

The consequences of a cyberattack also involve other risks associated with the clinical and operational practice of these organizations. 65% of healthcare organizations in the Asia Pacific region hesitate to accelerate the digitization

process due to fear of potential threats. This prevents them from using sophisticated technologies to detect and defend against complex cyberattacks.

Healthcare Organizations Are Not Ready to Respond to Cyberattacks

According to a recent study of Frost & Sullivan, almost half (45%) of healthcare institutions in the Asia-Pacific region either encountered a safety incident or were even uncertain about a safety incident because

they did not conduct data breach assessment.

Despite being aware of the increased challenges they face, many healthcare organizations still adopt a very passive approach to network security: cybersecurity considerations for digital transformation projects only begin when the project is launched, not at the planning stage; cybersecurity strategies are just a tactical approach to cyberattacks, not a business differentiation factor that can make a competitive advantage.

Current Threats Facing the Healthcare Industry

Internet of Things (IoT) Attacks

Cybersecurity threats are magnified after healthcare organizations apply the Internet of Things (IoT) to their operation, as a large number of devices are connected and the amount of data they gather increase dramatically.

As is the case with IoT, connected devices in healthcare are appealing targets for hackers. IoT devices for healthcare contain valuable personal information, which can be exploited for profit. Any security flaw can pose a serious threat to the security of data. For instance, hackers can remotely manipulate devices to change data value or control dosage levels for drug infusion pumps.

89% of executives of healthcare organizations reported that they suffered a security breach resulting from adopting to IoT, while 49% said malware is an issue, according to a survey published by HIPAA Journal. Moreover, another report from the threatening post found that many hospitals failed to protect critical computers that could be manipulated by hackers.

Ransomware Attacks

Ransomware attempts to encrypt the data with a key known only to the hacker who deployed the malware. The user’s access to data will be denied, until a ransom is paid. Ransomware attacks are more prevalent (and more costly) in healthcare industry than in other fields, and they can make the HER (Electronic Health Record) system inaccessible. Because of the high sensitivity and importance of patient data, hospitals tend to pay a ransom immediately when they find themselves in a ransomware situation. For instance, Hollywood Presbyterian Medical Center paid to hackers who locked access to the hospital's EHRs in 2016.

These ransomware attacks within the hospital industry demonstrate the risk that hospitals are exposed to when malicious codes succeed in blocking or encrypting information from operational systems.

Phishing Attacks

Phishing attacks are becoming more commonplace, and employees often face the potential threats that lurk in their inboxes. This strategy sends out a large number of emails from seemingly reputable sources. Accessing