The (Bad) State Of Cybersecurity In Healthcare

Introduction

Cybersecurity company Malwarebytes shared its findings in its 2019 State of Healthcare report:

  • The medical industry is ranked 7th among the industries most targeted by hackers.
  • Malware detections increased by 45% in Q3 2019 over Q2 2019.
  • Trojans increased 82% in Q3 2019 over the previous quarter; Emotet and Trickbot lead the way.
  • Ransomware remains a BIG concern as healthcare organizations of all sizes are being targeted.
  • Top attack methods are third-party software vulnerabilities, weak security and patch management, and social engineering tactics.

This report serves as a call to action to the entire healthcare industry. A breach in a hospital or even a small medical practice can have far-reaching consequences, such as modified patient data causing misdiagnoses that can lead to death, device lock-outs stopping critical treatments, and the halting of life-saving operations and procedures.

The reasons why healthcare organizations remain “low-hanging fruit” for cybercriminals

  • A sustained reliance on unsupported legacy systems and the vulnerabilities inherent in older solutions.
  • The medical industry’s focus on revenue generation and investments in research rather than on the security of its internal IT systems and staff training.
  • Lack of network segmentation, which puts the entire computer network in jeopardy by allowing hackers and malware to penetrate an organization’s systems more easily.
  • Misconfigurations that are exploited by expert hackers, exposing sensitive data that should only be accessible to authorized individuals.
  • Non-HIPAA compliant medical apps that are easily exploited to capture sensitive data.
  • Negligible security management of medical devices, increasing their vulnerability.
  • The lack of a comprehensive Business Continuity Disaster Recovery (BCDR) system to thwart ransomware, the scourge of healthcare.

What health organizations need to do

The short answer is that more funding is needed to increase IT capabilities by investing in more capable systems and personnel, better cybersecurity solutions, and comprehensive Business Continuity Disaster Recovery (BCDR) systems. It’s going to take time since most of the industry is woefully behind in their IT capabilities.

The good news is that organizations of all sizes don’t have to go it alone. Those that have fully-staffed IT departments can work with an IT Managed Services Provider (MSP) to augment their internal staff, multiplying their capabilities.

An MSP that specializes in Business Continuity Disaster Recovery (BCDR) can help a healthcare organization mitigate the effects of a ransomware attack and reduce its recovery time to just minutes and hours from the days to weeks it now takes with other backup solutions. Paying the ransom should not have to be the only option, and to be honest, it is not with the right systems in place.

Smaller medical practices that either do not have an MSP or rely on lone break-fix practitioners are particularly vulnerable. Even a small doctor’s office has a treasure trove of information that makes a hacker drool. If you are a small medical practice, ask yourself what would happen if you suddenly were locked out of all your information. How would you serve your patients? If you don’t have an MSP, get one now!

Conclusion

Medical practices of all sizes have an obligation not only to protect the health of their patients but also to protect the information their patients entrust to them.

With all of the exposure regarding breaches, ransomware, data privacy, etc., patients will soon start asking health providers how they’re protecting sensitive data and how they will ensure that the healthcare organization can keep functioning in the event of a cyber attack. Their response will have a direct impact on profitability.

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 460+ Petabytes of data with over 1400+ employees and 9 offices around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause.