If hackers attack an organization in the financial services, engineering or manufacturing sector, the risks are basically monetary. But when it comes to healthcare cybersecurity, in addition to financial risk, people’s health and well-being are also in danger.
In the United States, according to the Department of Health and Human Services, there was an almost 50% increase in health cybersecurity data breaches between February and May 2020, compared to 2019. It is believed to be the result of the pandemic caused by COVID-19 that brought about necessary radical changes and diverted the focus, putting extra pressure on already inadequate cyber security measures.
According to Natali Tshuva, CEO and co-founder of Sternum, an IoT – IoT cybersecurity company, “hackers know that the healthcare industry has cybersecurity flaws and that motivates them to create more attacks.”
If there is something that hackers like, it is a target that is ‘light’ and large, so complex organizations in sectors that are slow to adopt secure digital technologies are the preferred targets. These organizations generally have broad and mostly poorly defended attack surfaces (set of points at the edge of a system), which allows hackers many routes of entry to not only filter data, but also compromise services and systems. of hardware.
Overall, health care is one of the most visible and easy targets. Successful cyber attacks in hospitals often cause problems with patient data and routine workflows, such as medication scheduling, resource management and other essential services.
How does healthcare deal with cyber risks?
A study by the Independent Security Evaluators (ISE) consultancy found that the industry focuses almost exclusively on protecting people’s health records and rarely addresses protecting patient health from the perspective of a cyber threat. With this focus, organizations perceive threat actors as ‘unsophisticated adversaries’, as individual hackers. ISE believes that these institutions ignore the potential for more sophisticated cyber attacks on hospitals by political groups of hackactivists, organized crime and terrorists who are highly motivated and well-funded and as a result several surfaces are left unprotected and the attack strategies that can result in damages to patients, they are not taken into account ‘.