Health care organizations are a notable target for cyberattacks, with crimes ranging from thefts of information from EHRs to complete shutdowns of hospital operations, endangering the care and lives of patients.
In 2017, a number of high-profile attacks brought the healthcare industry’s need to strengthen its cybersecurity into sharp focus. Ransomware, like WannaCry and NotPetya, has wreaked havoc in small hospitals and biopharma giants alike, and the vulnerabilities appear widespread and acute. One notable breach included Pacific Alliance Medical Center breached by ransomware attack, over 260,000 patients affected. Officials said the investigation couldn’t rule out whether 266,123 patient records were accessed. Another incident included a massive, high-profile assault in spring 2017. The WannaCry ransomware virus hit 81 British hospitals, leading to thousands of canceled appointments. The virus crippled the United Kingdom’s National Health Service (NHS), causing 19,500 canceled medical appointments; locking the computers of 600 general practitioners; and forcing 5 hospitals to divert ambulances elsewhere.
The ECRI Institute identified ransomware and other cybersecurity threats to healthcare—and the danger they pose to patients—as the top health technology hazard for 2018. A Department of Health and Human Services (HHS) Healthcare Industry Cybersecurity Task Force report to Congress in June found that digital security is in “critical condition.” According to the Protenus Breach Barometer, at least 1 breach occurs in the healthcare sector every day. Data compiled by the HHS Office for Civil Rights show hundreds of incidents in the past 2 years, affecting tens of millions of individuals. In October, a new WannaCry strain caused additional network downtime at FirstHealth of the Carolinas, a hospital system that takes patients from 15 counties.
Furthermore, according to a Q4 2017 survey conducted by Black Book Research, only 11 percent of health care providers plan to introduce a cybersecurity officer in 2018, with 84 percent lacking reliable leadership for combating cyberattacks.
So what’s keeping healthcare from fortifying its defenses?
Security understaffing, a lack of appropriate resources, unnecessary overconnectivity between devices, few means to securely install updates, long-lasting equipment operating on outdated software, and little staff awareness, experts said. A review of the most prolific and largest security incidents of 2017—from WannaCry and NotPetya to targeted attacks and old-fashioned human error—reveals industry-wide trends.
Interested in more information about the industry’s premier event to help protect against, mitigate and respond to data breaches and cyber attacks?
*Take Action: The 2018 CyberHealth Summit*
March 6-7, 2018 | The Nobu Hotel Miami Beach Eden Roc Resort | Miami, FL
Industry’s leading event to help protect against, mitigate, and respond to data breaches, advanced persistent threats, and cyber attacks.
The CyberHealth Summit will take place in March 2018, on Miami’s beachfront. Armed with the sun and sand, we will gather industry leaders to speak, collaborate, teach, lead workshops, roundtables, panels, breakout and interactive sessions. Through this two-day summit, based in collaborative conversation and content, we will create synergistic solutions with endpoint production. We will leave inspired and empowered, armed with a new family to fight the cyber-battlefront. If you are interested in viewing the full program, please download our brochure here.