Technology has taken over almost every sphere of life, especially in healthcare and the use of innovative techniques to store millions of terabytes of data is becoming more common and accessible to the general public with every passing day. One might wonder as to what leads to cybersecurity being a major challenge to healthcare organizations and the answer is simple; unprotected devices, traditional operating systems, lack of knowledge and insight among the employees, apathy and lack of training that is given to the employees which they need to identify such threats when they first occur.
The healthcare sector is severely affected by incidences of security breaches quite frequently and in a report by the Identity Theft Resource Center (ITRC) and CyberScout showed that in 2016, the patient records of 27 million individuals were compromised and the problem shows no signs of disappearing anytime soon. In 2016, hackers breached the security of healthcare records at Hollywood Presbyterian Medical Center in Los Angeles and the hospital had to pay the hackers approximately seventeen thousand dollars in bitcoins to gain access to the encryption key that protected the data. During this incident, the hospital had to be shut down. Hackers even managed to affect the medical records at United Kingdom’s National Health Service – this resulted in more than nineteen thousand appointments being cancelled and causing an entire system to be crippled since without data, the practitioners were not only unable to access their files but five hospitals had to direct their ambulance services somewhere else. These incidences are not single events that occur once in a while, thousands of hospitals have been effected by this critical problem.
How do hackers breach security?
Hackers that target healthcare organizations use a variety of clever methods to not only hack into the records of medical facilities but then use the stolen data to gain money before they release the systems back to their original owners – this cybercrime is known as Ransomware. Hackers aim to exploit the smallest of weaknesses in the security systems but they are saved the effort as the state of the security employed by hospitals to guard sensitive information is truly abysmal. Stolen data is not only valuable for the black market to thrive but it can also be used in fraudulent activities, in illegal financial transactions and can even be sold to criminals.
Causes of security breaches in healthcare facilities
- Understaffing in the security department.
- Lack of resources and qualified people who can protect servers against an offense.
- Unprotected devices being used at hospitals.
- Third-party stakeholders who might not have strong strategies to prevent attacks.
- Lack of personnel to install security updates and lack of equipment.
- Lack of awareness amongst the employees.
- Use of outdated operating systems in medical facilities.
Recommendations and suggestions
- Update operating systems in order to better guard sensitive data.
- Set up a training camp to spread awareness among the staff so they can know more about the devices they use every day and the threat this over-connectivity poses.
- Hiring of qualified personnel that can not only build up strong walls against an attack but also know what to do in case of a security breach.
- Use of proper, durable equipment to prevent such breaches.
- Ensure proper staffing for the security department and make sure that all those hired are qualified and proactive enough to handle a security breach.
- Increase funding for cybersecurity in healthcare facilities to guard the sensitive data of all patients.
The challenge might be daunting but it certainly is solvable if attention is paid to the matter at hand and solutions are effectively implemented in all medical facilities.