Avoiding a Cyber Epidemic - Healthcare Cybersecurity Attack Tips
Nearly 80% of healthcare professionals surveyed by Claroty reported experiencing at least one cybersecurity incident over the last year. In its “Global Healthcare Cybersecurity Study 2023,” the IoT-centric cybersecurity company Claroty surveyed 1,100 professionals across four continents, with representation from numerous fields including cybersecurity, biomedical engineering, information systems, and clinical engineering, among others.
This study found some shocking information about the costs of cyber incidents in the healthcare industry. Among the findings was information on ransomware attacks, in which over 25% of victims ended up paying the ransom. While the majority of entities hit by ransomware did not fork over the payment that cybercriminals were after, that does not mean they came out unscathed financially.
Each attack comes with recovery costs, or the costs associated with getting the business back up to normal operations following an incident. More than a third of respondents to Claroty’s survey reported having to pay upwards of $1 million in recovery costs.
The overall results from this study show that healthcare professionals hold cybersecurity in high regard, but that multiple factors hold them and the industry at large back from succeeding in protecting vital patient PII (personally identifiable information) and PHI (protected healthcare information), both of which make the industry such a highly valued target for malicious actors. Limited budgets, overworked staff, and scarce access to qualified cybersecurity professionals are among the barriers facing healthcare pros today.
You might find yourself asking what can be done to assist this important industry in staying cybersecure? While the easier fixes come in the form of increased budgets and the hiring of well-qualified cybersecurity experts, both are commodities which are in short supply today. Due to this fact, other avenues must be explored to protect this sector in the meantime. Below are some tips that can be implemented now in order to help healthcare professionals enhance their cybersecurity measures starting today.
Back up and encrypt data - Again, one of the key things that makes healthcare so highly targeted is the data collected by professionals in the industry. Be sure to protect data by backing it up to a separate network often and encrypting it whenever possible. This not only adds another layer of protection for essential data, but also helps to expedite the recovery process should an incident occur.
Update everything - From computer systems to smart monitors and more, be sure everything that can be updated is updated. Manufacturers often push vulnerability patches with updates, and applying them is a simple, easy way to keep your system protected.
Create an incident recovery plan - As is clear from Claroty’s study, cybersecurity incidents in the healthcare industry are common. While the goal in cybersecurity is to prevent an attack from happening altogether, this is not always possible. In the event of a cyber attack, risks can be mitigated by having an incident response plan already in place. This involves identifying the key members, data, and necessary actions to be taken if an attack occurs. Such a plan can not only help to lessen the severity of the attack, but can also reduce the recovery time and costs associated with it. Having a game plan for what to do if something happens is key to getting back to normal as quickly and effectively as possible.
Consult cyber professionals in your area - While the cybersecurity skills gap persists, it can be difficult to find qualified staff to join your healthcare system’s team. Consulting with local cybersecurity professionals can provide the guidance necessary for navigating the task of protecting data without the cost of a salaried employee. This setup can work for hospitals and healthcare facilities that have more limited budgets but a desire for strengthened cybersecurity.