The introduction of technology has spurred years of progress and innovation, although there are constant threats of cyber attacks and attempts to damage or destroy a computer network or system. Many areas of technology are susceptible to attacks, but the American Healthcare System faces a plethora of issues in the area of cybersecurity. In a report conducted by Critical Insights, cybersecurity breaches hit an all-time high in 2021, exposing a record amount of patients’ protected health information (PHI).
Compared to other sectors like finance and manufacturing, healthcare significantly lags behind other industries in cybersecurity, partly because many hospitals need to invest more in cybersecurity measures. This disparity makes the healthcare field a highly susceptible target for hackers.
Mac McMillan, CEO, and president of CynergisTek, a cybersecurity consulting firm, says, “I think the bad guys have figured out healthcare is a lucrative target…that’s more susceptible to disruption because they haven’t made the investments others have made.”
Many medical devices are an easy entry point for attackers. With devices like x-ray, insulin pumps, and especially devices that fulfill specific purposes, security is not the primary concern when designing; thus, many medical devices need to be more secure against attacks and hacking attempts. Hackers can use these weak entry points to attack a server that holds valuable information.
Using this technology, hackers can completely take over medical devices and prevent healthcare organizations from conducting life-saving treatments. In 2021, 45 million individuals were affected by healthcare attacks, and the number has continued to rise. The impacts of cyber attacks on the medical field are severe; evidence suggests that cyber attacks lead to worse patient care and increased mortality.
A survey conducted by the Ponemon Institute found that more than 20% of healthcare organizations reported increased patient mortality rates after experiencing a cyberattack. Additionally, nearly 64% of organizations said that an attack resulted in procedure or test delays, and 59% reported longer patient stays due to ransomware attacks.
In addition, the data collected by hospitals is often a motive for many cyberattacks. This stolen confidential data may sell up to 10 times more than stolen credit card numbers on the dark web.
“Whether the attack vector is ransomware, credential harvesting or stealing devices,” said Critical Insight healthcare cybersecurity strategist and vice president of Christus Health John Delano, “the healthcare industry is a prime target for attackers to monetize PHI and sell on the Dark Web or hold an entity ransom unable to deliver patient care.”
Preventive measures like upgrading technology and investing in cybersecurity protocols are essential solutions for combating cyber threats. In light of the increased cyber-attacks on healthcare, congress has created a protocol to alleviate the danger. Senator Jacky Rosen proposed the Healthcare Cybersecurity Act of 2022 to combat the growing threat of cybersecurity attacks in healthcare.
The bill requires the Department of Health and Human Services (HHS) to undertake activities to improve the cybersecurity of the public health sector. The HHS must coordinate with the Cybersecurity and Infrastructure Security Agent and is required to update the Healthcare and Public Health Sector-Specific Plan, which guides the sector’s effort to enhance the security of critical infrastructure.
With better technology and security measures, healthcare organizations can avoid technology breaches, secure their network, and protect the lives of their patients.
Article written by Sushma Katta of Richard Montgomery High School
Photo from Pexels