Cybersecurity in the Healthcare Sector: How Cyberattackers Threaten Patient Safety
As DMV-area residents and healthcare workers continue to step up to the challenge of living in a pandemic, cybercriminals have also stepped up as a formidable threat to patient safety.
Healthcare providers are well-versed in patient privacy laws due to their training in the Health Insurance Portability and Accountability Act (HIPAA), which protects a patient’s health information. But what about protecting patient privacy from hackers?
While there are dedicated cybersecurity experts who work to protect patient safety, it is important to realize that on the front line of cybersecurity in healthcare are the healthcare workers themselves—and most of them don’t even know it.
The healthcare industry has been advancing technologically at a quick pace. More providers now keep patient records digitally and use innovative devices that connect to the internet.
That can leave a patient’s private information and the devices upon which their lives and health depend vulnerable to hackers.
How Life-Saving Devices Pose a Threat to Security
Many medical devices connect to the internet, from personal insulin pumps to robots that perform surgery.
“As a physician, the connectedness of medical devices provides many important benefits to both me and my patients,” says Chief Medical Information Officer at Booz Allen, Steve Kastin, MD. According to him, connected devices allow you to:
- Instantly know if a medical device stops working
- Share information with other healthcare providers and the patients themselves
- In some cases, have the manufacturer diagnose and repair a malfunctioning device remotely
While these devices can be life-saving and life-changing, they are vulnerable to cyberattacks.
For example, a hacker could hijack a person’s pacemaker to disrupt their heartbeat. An attacker could also hijack a robot mid-surgery and control its movements. These scenarios sound scary, but they are possible. Luckily, they are also preventable.
Healthcare Workers: The Front Line of Information Security
Healthcare workers play a larger role in cybersecurity than they might realize.
The most common types of cyberattacks in the healthcare industry are phishing, social engineering, and ransomware attacks.
Attackers use these methods to illegally gain access to private information, systems, and devices. They then hold that information, computer, or device “hostage” and ask to be paid a ransom.
In 2017, a ransomware attack caused the UK’s entire National Health Service to shut down.
One of the most significant cyberattacks in the healthcare industry was the WannaCry ransomware attack, which took more than 200,000 computers in 150 countries offline. In some hospitals, the ransomware restricted access to all the devices, including medical equipment.
But how does ransomware software get on someone’s computer, you might ask? Well, a person is tricked into downloading it.
This is why healthcare workers are on the front lines of cybersecurity in healthcare.
Empowering Healthcare Workers With the Right Training
Healthcare providers already work hard to protect their patients’ safety and privacy, but they can sometimes fall victim to ransomware attacks because they were not adequately trained on the subject.
According to a survey of healthcare workers by Kaspersky Lab, 32% of respondents said that they “had never received cybersecurity training from their workplace but should have.”
This is why the industry-leading cybersecurity firms in healthcare recommend that organizations create basic cybersecurity training programs for all of their employees.
If front-line healthcare workers knew what to look for when identifying common cyberattacks, they could play a critical role in reducing the number and severity of such attacks in the future, rather than being the number one target for hackers.
Stepping Up to Combat Cyber Threats in Healthcare
So what are cybersecurity professionals doing to help increase patient safety and minimize risks to our healthcare system?
Since cybersecurity pros can only control what’s going on behind the scenes, they must constantly raise awareness about modern cyber threats.
Cybersecurity professionals help raise awareness in their organizations by teaching employees about the types of cybersecurity threats, such as phishing, ransomware, and spyware.
This helps employees to remain vigilant and knowledgeable.
TRAINING HEALTHCARE TEAMS
In addition to educating other departments on cyberattacks such as phishing, ransomware, and social engineering attacks, cybersecurity pros also teach those employees how to prevent such attacks.
For example, they might teach the employees how to know when something should be reported to the cybersecurity team, how to set up two-factor authentication, best practices for creating passwords, and many other preventative measures.
USING TECHNICAL METHODS
Cybersecurity teams use tactics such as segregating networks so that anything critical is not connected to the internet directly. A comprehensive backup and recovery plan for retrieving stolen data is highly recommended.
Behind the scenes, the cybersecurity team also works to comply with all state and federal regulations, regularly run risk assessments, and implement strategies both to respond to security breaches and to recover stolen data.