![\"\"](\"https:\/\/cdn-01.cms-eu-v2i.applyflow.com\/identifi-global\/wp-content\/uploads\/2022\/03\/CybersecurityHealthcare.jpg\")
<\/p>\n\n\t<\/p>\n
\n\tAfter May 2017\u2019s WannaCry cyber attack, <\/span>which cost the NHS an estimated \u00a392m<\/a> and also affected other countries across the globe, both governments and authorities alike pledged to ramp up cybersecurity across the sector. Unfortunately, though, the healthcare industry is one that remains plagued by threat.<\/p>\n \n\tIsraeli researchers <\/span>have created a virus<\/a> that is able to add tumours into MRI and CT scans, while in the first three quarters of 2019, the number of threat detections<\/a> across the healthcare sector rose by 60% compared to 2018 in its entirety. <\/p>\n \n\tIn the healthcare sector, there\u2019s a great deal at stake, with access to patient records, tampering with appointments and impacting on connected devices just a few of the industry\u2019s major concerns. As <\/span>Adam Kujawa, director of Malwarebytes Labs<\/a>, says, “We should be arming healthcare now with extensive security measures because…ransomware is looking to penetrate healthcare organisations from several different angles.”<\/p>\n \n\tSo why is the industry such a target, what are its specific challenges, and what does the sector need to do to overcome these?<\/p>\n \n\tIn a report <\/span>published by cybersecurity firm Carbon Black<\/a> earlier this year, the company\u2019s chief cybersecurity officer, Tom Kellermann, summed up the sector\u2019s appeal to hackers quite succinctly. \u201cWhat\u2019s at stake is insurance fraud, identify theft, the corruption of the integrity of data that can lead to malpractice,\u201d he said. \u201cIt\u2019s the corruption of sensitive life-saving systems or robotics surgery systems that can lead to deaths. What\u2019s at stake is the irrecoverable destruction of healthcare data that\u2019s digitized and people having to start from scratch.\u201d<\/p>\n \n\tAnd this healthcare data is of huge value to cyber criminals. The Carbon Black report claims that our personal health information is <\/span>worth three times more<\/a> than personal identifying information like credit card numbers or addresses – and can be used by fraudsters in a variety of ways. As well as holding individuals to ransom by threatening to reveal their medical information, criminals may buy personal health information to attempt to file fake claims with insurers, or to create fake IDs in order to buy drugs or medical equipment. <\/p>\n \n\tWhile a financial breach will often include just a single marker, healthcare data will generally include all of an individual\u2019s personally identifiable information. And while healthcare is subject to many of the same breach types and weaknesses as other sectors (like a lack of cybersecurity training amongst staff), it also has its own sector-specific challenges that must be addressed.<\/p>\n \n\tNot only is the healthcare sector targeted because of the value of its data, it also has its own quirks and complexities that make it a sitting duck.<\/p>\n \n\tChallenge 1: Innovation vs. legacy<\/strong><\/p>\n \n\tThe healthcare industry is becoming increasingly complex. The Internet of Things has opened up a wealth of opportunities for the sector, from <\/span>smart tech that improves cancer care<\/a> to ingestible sensors<\/a> that confirm whether a medication is being taken as directed. There are even now industry events covering the topic<\/a>. <\/p>\n \n\tWhile innovation is a positive step in terms of improved patient care, it comes with challenges. For many healthcare providers, these new technological developments sit alongside legacy applications that house historic data. Often, this will be either because the new vendor wants no responsibility for the quality of older data, or because the migration is deemed too cost-prohibitive or complex.<\/p>\n \n\tWhat this means, though, is that hackers are given an easy in: an unsecured back door that could lead to systemic infection of entire hospital systems.<\/p>\n \n\tChallenge 2: Huge numbers of devices<\/strong><\/p>\n \n\tConnected devices are becoming so prevalent in healthcare that it is claimed that <\/span>the average hospital room<\/a> is home to between 15 and 20 such solutions – and that a large hospital could be home to up to 8,000 IoT devices. <\/p>\n \n\tSecurity breaches can occur in any of these devices, from pacemakers and MRI scanners to CAT scanners and insulin pumps. In 2017, cybersecurity vulnerabilities were discovered in certain implantable pacemakers, requiring nearly 500,000 people to install a software patch for protection. <\/p>\n \n\tHowever, a key issue here is in the numbers. With healthcare services now so reliant on so many different connected devices, it can be hard to keep up-to-date with the latest threats to each and every one. Hackers who can access just one device could gain access to reams of personal data as well as to other connected devices – should it be the responsibility of centralised IT teams to manage every single device in use, or should healthcare professionals be equipped to take responsibility for their own areas? Calls for cybersecurity training to be <\/span>incorporated into medical curriculums<\/a> suggest that the latter may be beneficial.<\/p>\n \n\tChallenge 3: A shortage of full-time cybersecurity employees<\/strong><\/p>\n \n\tWhile it may make sense for healthcare professionals to take some ownership of the security of their own connected devices, this alone isn\u2019t enough. <\/p>\n \n\tIn June 2017, <\/span>the US Health Care Industry Cybersecurity Task Force revealed<\/a> that three in four hospitals have no dedicated cybersecurity professional, while a report the following year showed that 49% of hospitals have no CISO<\/a>.<\/p>\n \n\tThis needs to change. Mitigation strategies and internal cybersecurity training should be led by a central cybersecurity employee or team. But with the ISACA State of Cyber Security Report revealing that 27% of healthcare firms are unable to find suitable candidates to fill cybersecurity roles, there is clearly more work that needs to be done.<\/p>\n \n\tThese three challenges all require solutions, with responsibilities lying both with the government and healthcare trusts as well as with individual organisations. <\/p>\n \n\tAs more and more new systems are introduced, the number of legacy applications that will be left to fester – and to entice cyber criminals – will continue to increase. In situations like these, it\u2019s vital that healthcare organisations have a robust retirement strategy in place that identifies levels of vulnerability and details how to deal with them.<\/p>\n \n\tThe majority of cybersecurity issues within healthcare, however, can be resolved by people. The number of connected devices is on the rise, but healthcare providers are increasingly employing bring your own device (BYOD) policies: one survey claimed that <\/span>81% of healthcare organisations<\/a> allow medical staff to use their own mobile phones, tablets and laptops in the workplace. 46% of those companies, however, are doing nothing to secure these devices. <\/p>\n \n\tIt\u2019s clear that a large part of the problem lies in staff training. Educating staff in everything from email security to handling confidential patient data is a must, with a cybersecurity training and strategy policy being dictated centrally. <\/p>\n \n\tTo do this, however, a CISO or similar is required – it should not be the remit of a regular IT team. Without qualified cybersecurity staff, lack of guidance and understanding could mean that medical staff are unaware of their responsibilities, will not know when new security patches need installing, and could notice too late when an attack takes hold. <\/p>\n \n\tEstablishing a culture of security – one where trained, full-time experts, training, education and sharing come together – can make a big difference to the industry. And with healthcare\u2019s technological side developing at such a rapid rate, it\u2019s something that needs to happen sooner, rather than too late.<\/p>\n \n\tIt\u2019s clear that the healthcare industry needs quality cybersecurity professionals to secure its future. If you\u2019re looking to make your next move into the healthcare sector, <\/span>take a look at our latest vacancies<\/a>. <\/p>\n \n\t \n\tImage credit: <\/span><\/strong>Unsplash<\/a><\/span> <\/em><\/p>\n After May 2017\u2019s WannaCry cyber attack, which cost the NHS an estimated \u00a392m and also affected other countries across the globe, both governments and authorities alike pledged to ramp up cybersecurity across the sector. Unfortunately, though, the healthcare industry is one that remains plagued by threat. Israeli researchers have created a virus that is able… Read More »Cybersecurity and the healthcare sector<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":14376,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[39],"tags":[],"class_list":["post-15255","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-news-trends"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/posts\/15255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/comments?post=15255"}],"version-history":[{"count":0,"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/posts\/15255\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/media\/14376"}],"wp:attachment":[{"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/media?parent=15255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/categories?post=15255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identifiglobal.com\/af-api\/wp\/v2\/tags?post=15255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n\tWhy is healthcare a target? <\/h2>\n
\n
\n\tWhat are the cybersecurity challenges specific to healthcare? <\/h2>\n
\n\t“Should healthcare professionals be equipped to take responsibility for their own areas?”<\/strong><\/h4>\n
\n\tWhat now for the healthcare sector? <\/h2>\n
\n\t“Educating staff in everything from email security to handling confidential patient data is a must.”<\/strong><\/h4>\n
\n\t <\/p>\n\n\t <\/div>\n","protected":false},"excerpt":{"rendered":"