2021 was the worst ever year for healthcare industry data breaches. 714 data
breaches of 500 or more records were reported to the Department of Health and
Human Services (HHS). About 46 million records were reported to the HHS as
being breached.
As cyberattacks are lurking in many forms, healthcare cybersecurity has become more essential than ever before. Hospitals, doctors’ practices and other health providers have become some of the biggest targets. Due to the sensitive nature of patient data and their vital information cybercriminals know that they can make a lot of money from data breaches.
Just remember the 2015 Anthem data breach. Disastrous loss to business and profits confirms that cybersecurity is more than critical to protect healthcare
networks and systems.
To make things worse, cyberattacks have become trickier. Attacks like phishing and spear phishing scams, impersonation, ransomware and cryptojacking ask for more than the usual firewall and antivirus software.
In light of the threat of Russian cyberattacks and cyberwarfare, taking proactive
steps to enhance the cybersecurity of healthcare is crucial.
On March 23, 2022, Senators Bill Cassidy (R-LA) and Jacky Rosen (D-NV) introduced the bipartisan Healthcare Cybersecurity Act (S.3904) to protect
health data amid increasing concerns of cyberthreats from Russia.
“Healthcare and Public Health Sector assets are increasingly the targets of malicious cyberattacks, which result not only in data breaches, but also increased
healthcare delivery costs, and can ultimately affect patient health outcomes,”
the bill began.
(source: https://www.congress.gov/bill/117th-congress/senate-bill/3904/text?r=1&s=1)
The main goal is to enhance healthcare cybersecurity by partnering the Cybersecurity and Infrastructure Security Agency (CISA) with HHS, resulting in improved cybersecurity in the healthcare and public health sector.
The new quality of elaborate cyberattacks requires collaboration between healthcare entities, threat-sharing organizations, and government agencies.
(source: https://healthitsecurity.com/news/senators-introduce-healthcare-cybersecurity-act)
Not only must healthcare organizations prioritize technical cybersecurity systems,
but also cybersecurity awareness training and investments in the cybersecurity
workforce.
A recent report conducted by the Center for Generational Kinetics (CGK) stated that proper employee cyber hygiene is crucial to maintaining healthcare cybersecurity. Poor employee cyber hygiene can put at risk even the best healthcare cybersecurity measures.
investigated and remediated in a timely manner. A strong employee cyber hygiene
can have a great impact on organizations’ cybersecurity.
For healthcare, cyberattacks can threaten patient safety and privacy. Unlike any
other industry, the price of failure of cybersecurity in healthcare can be
measured in loss of life
The good news is that healthcare cybersecurity systems are becoming more and more effective protecting against elaborate cyberthreats. Artificial intelligence is
a very useful security feature available in cybersecurity tools that can
analyze a high volume of data to detect abnormalities that may indicate a
breach, attack or infection.
Resources:
https://www.congress.gov/bill/117th-congress/senate-bill/3904/text?r=1&s=1
https://healthitsecurity.com/news/senators-introduce-healthcare-cybersecurity-act
