Cybersecurity is important in every organisation, but why is it particularly important in healthcare? This article is the first of our new Cybersecurity Series, and will explore some of the reasons why the healthcare sector is a target for cyber-attacks, as well as a few measures you can implement to block some routes that cybercriminals may attempt.
Written by Kit Barker, Chief Information Security Officer at Agilio Software.
Cybercriminals don’t care if they’re hacking into healthcare providers’ sites. In fact, they might even target these sites specifically, due to the value of healthcare data. It’s important for healthcare practices to understand how to mitigate the risk of cyber-attacks and protect their financial resources as well as their patients’ data.
Why healthcare is a target of cyber-attacks
During the pandemic, there was some respite for the healthcare sector, with some hacker groups even publicly announcing they wouldn’t hit healthcare providers. Unfortunately, it seems that normal service has resumed, and it’s business as usual for the attackers.
To understand why healthcare is a target, we need to think about why criminals attack organisations in general. Sometimes, people attack sites just to cause damage or to push a message. Sites with political content may experience this, but this doesn’t really apply to healthcare as healthcare is almost universally viewed as good. So, why are healthcare organisations a target?
Money.
With the major focus being on patient care, cyber-security and security awareness can often be lacking. Also, many healthcare organisations can have a complex set of data assets; multiple sites, many applications that need to talk to each other, a mixture of paper and electronic records, shift and agency workers, and so on.
Successful attacks can be extremely profitable for the criminals as healthcare providers can be large organisations with huge budgets. The data processed can be extremely sensitive, and if held to ransom, healthcare providers have a tough choice to make:
- Recover from backups and plug any holes found in their security.
- Pay the cybercriminals and hopefully resume business as soon as possible.
If you don’t have full backups, that choice becomes massively more complex.
How cyber-attacks in healthcare threaten patient privacy, the practice’s financial resources, and more
The CIA Triad
When we talk about data security, we are looking at protecting three aspects of the data:
- Confidentiality – the data should only be shown to users with authorisation to see it.
- Integrity – the data should be correct and modified only by those with authorisation to do so.
- Availability – the data should be available to authorised users when they need it.
Our security is breached when we fail to protect any of these elements (often called the CIA Triad).
All cyber-attacks threaten one of these elements, with the most common being confidentiality and availability. One of the most common attacks is the ransom attack, which is where an attacker will either gain access to a system and:
- encrypt data stores and offer to provide encryption keys if a ransom is paid, or
- extract sensitive information and threaten to publicly share it if a ransom is not paid.
In healthcare sectors, the encryption attack is the most common. Threatening to release information would be hugely problematic for these organisations, but it would not prevent them performing their primary function of caring for patients.
Without a robust set of disaster recovery processes and data backups, healthcare organisations can have little option but to pay a ransom, even though there’s no guarantee that the criminals will release the data. Such ransoms can be large, but the impact on finances doesn’t stop there. Management of and clean up from an attack is expensive; hiring consultants in an emergency situation is never cheap and using digital forensics to discover the route of an attack- and then deploy countermeasures to stop further attacks – can be crippling.
The security software vendor, Sophos, released an annual State of Ransomware report and the figures for 2022 are startling. The report suggests that in the UK, 57% of all organisations had been impacted by a ransomware attack, with 66% of healthcare organisations affected. A staggering 61% of healthcare organisations paid at least part of a ransom, but even then, only 64% of data was recovered. The average ransom paid by UK organisations was over $166,000 (but over $4,000,000 in Japan!).
Then, finally, regulators can hand out large fines to organisations who do not provide a sufficient level of protection to personal data.
Healthcare Data Security – Why cybersecurity measures in healthcare are so important
The consequences of falling foul of a successful cyber-attack should be very clear. While no security can be perfect, having robust cybersecurity in place gives organisations the best chance of preventing an attack in the first place, and enabling a quick recovery if you do ever fall victim to one.
The most common routes to cyber-attacks of these kinds are reasonably simple to block:
- Have good technical controls on end-user devices. This will include a strong firewall, ensuring software is kept up-to-date, and that modern antivirus and anti-malware solutions are in place.
- Make users aware of the risks. Phishing is still one of the main routes for attackers gaining access to systems. While the technical controls above can block many attacks, informed and educated users are your best defence. Train your teams to understand what the risks are and show them what safe internet use looks like.
- Plan for what happens when your security fails. As mentioned previously, no security is perfect. Planning for a breach means ensuring you’re taking robust and tested backups of all essential data, you have processes in place for when an attack happens, and your teams know how to respond.
We hope that this article has given you a better understanding of why healthcare practices are at increased risk of cyber-attacks and what cybersecurity measures you can put in place to help block the common cyber-attack routes.