Cybersecurity and Healthcare

Can they work together?

In the wave of large-scale cybersecurity breaches sweeping the country, there is one sector which is barely reported on, and yet represents possibly the most pressing technological threat to human life.
Just last month, the personal data of the entire population of Ecuador was compromised. To be more accurate, more than the entire population was compromised, as even the data of departed and soon-to-be Ecuadorians were included in the breach. This is in addition to the data of the entire Bulgarian adult population which was released by a 20-year-old hacker earlier in the summer. Couple this with the massive settlements being paid by the largest tech, travel and credit firms in the world, and it comes as no surprise that there's scarcely any room left to discuss the looming threats that are still ahead of us.

But here goes.

The most vulnerable sector to cybersecurity attacks isn't Wall Street, the military, or even Silicon Valley. It's our healthcare system.

At 7:44 am (UTC) on May 17, 2017, a ransomware virus was released in Asia that spread to over 200,000 computers in 150 countries, shutting down thousands of healthcare systems and causing over a billion dollars in damage. All in less than 24 hours. Two years later, the number of fatalities still remains unknown. Today, this is known as the infamous WannaCry attack and has so far resulted in a grand total of zero arrests.

Since that fateful day, government agencies have been working overtime to harden the cybersecurity of their respective healthcare industries, but with little success. In the following year, over a third of all ransomware attacks targeted the healthcare industry, double that of the second most targeted - manufacturing.

All of this leads us to ask: why is the healthcare industry in particular so susceptible to cyberattacks?

1) Medical records are very valuable
Reports estimate that, due to their accuracy and completeness, a single medical record is worth around $1000 on the Dark Web.

2) Medical care is essential
As opposed to attacks on banks or schools, hospitals cannot simply shut down for a few days. Hackers (somewhat accurately) assume that hospitals will prefer to pay their ransom rather than risk the alternative.

3) Hospitals utilize increasingly complex systems
This is a double-edged sword. On one hand, hospitals are eager to purchase the latest and greatest medical equipment. However, unsurprisingly, this comes at a large cost. With the vast majority of the budget spent on upgrades, there is very little left over for maintenance and security. Furthermore, each purchase is layered upon its predecessors, creating a network of devices and systems that few, if any, can keep track of.

What to do?

The solution to this systemic issue plaguing healthcare providers worldwide is certainly not something that can be addressed in the space of this article. However, there are two essential steps that you can take today to radically improve your security posture.

1) Factor cybersecurity into key decisions
Of course, this can be done in numerous ways. If you don't have one yet, go out and hire an experienced Chief Information Security Officer (CISO). Alternatively, consider partnering with a Managed Security Services provider. In an earlier article, we've discussed the various advantages that can be netted by outsourcing strategic elements of your cyber strategy.

2) Cultivate a culture around cyber security
This may initially seem insignificant, but the truth is that security experts can only go so far. In the WannaCry case, for example, Microsoft had already released a patch that would have defended against the malware. The reason it didn't work is that healthcare providers failed to update their systems on time, resulting in outdated operating systems that remained vulnerable to archaic threats.

Accordingly, any security strategy must create a dynamic of shared responsibility at its core if it is to be at all effective. This means introducing training workshops, awareness programs, and top-down messaging that shows employees that your organization takes cybersecurity seriously.

Remember, corner office marketing execs and lobby receptionists are just as responsible for protecting company data as are the cubicle-dwelling IT technicians. They each have a job to perform, each in their own way. Cyber security is only secure when it's everyone's responsibility.

About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.