Healthcare cyber risks are on the rise in the United States, especially following the spread of COVID-19, as providers are tasked with protecting copious amounts of patient information. Cyberattacks soared in 2020 due to the pandemic’s onset, which left overloaded healthcare organizations vulnerable to cyber risks. But even without a global pandemic, the industry is increasingly becoming a target for hackers and cyber threats.
Clients in the industry need to get acquainted with their healthcare cyber risks and how to protect against them. Here are the top 7 cyber threats facing the healthcare industry heading into 2021.
Health systems are not only overloaded with skyrocketing numbers of patients, limited bed space, and razor-thin supplies; they also struggle to find workers who have cybersecurity or IT backgrounds. The shortage of cybersecurity experts with healthcare knowledge is only getting worse, as cybersecurity or IT professionals are unlikely to choose a healthcare career path because of the liability that rests on them and their organization if a cyber threat takes place. The financial and reputational impacts of these threats, such as a data breach, are long-lasting.
Increase in Data Breaches from Remote Work
Everyone from teachers to fitness trainers moved from their work office to their home office in the wake of COVID-19. Understaffed and underfunded IT security departments within healthcare organizations are struggling to accommodate the surge in demand for remote services from physicians and patients while responding to the surge in security risks at the same time.
Hospital and health system employees who shifted to a remote work assignment did not receive updated guidelines or training for moving their office into an increasingly risky environment. This has opened the door to data breaches of cloud computing systems and sensitive healthcare information.
Cybersecurity Consulting Can’t Meet Demand
Much like IT professionals not filling spots in the industry, cybersecurity consultant positions remain vacant. These professionals assess gaps, secure network operations, and oversee the use of security on-premises and in the cloud. There isn’t enough talent to staff healthcare organizations and health systems. As providers struggle to recruit, hire, and retain staff, the choice is retaining an experienced advisory firm that can identify and mitigate security risks.
There have been more than 200 individual ransomware attacks on U.S.-based healthcare organizations since 2016 alone; the industry’s costs are in the hundreds of millions of dollars. Of those affected by ransomware, nearly 75 percent are hospitals or clinics that hold sensitive health data. Because these facilities rely on 24-hour access to medical records to serve their patients, they are more likely to fork over a ransom. This makes medical facilities a prime target for more attacks.
“Classic” Cyber Attacks
Classic cyber risks, such as social engineering and third-party vendor attacks, are still prevalent. Social engineering uses phishing and employee vulnerabilities to attack systems, and third-party vendor attacks exploit known gaps in unpatched security systems. Fortunately, security awareness training and ongoing educational resources can teach employees how to recognize common cyber threats.
Sometimes, the call is coming from inside the house. Intentional insider threats continue to plague the industry by as much as 50 percent. From employees forced to help carry out a threat to employees bribed to help out, insider risks need more attention.
Other inside motives include malicious threats, especially from disgruntled employees with an ax to grind. And the more comprehensive hospital organization networks, including smaller clinics that offer assisted care, are not immune to breaches from the inside.
Underfunding in the Industry
Cybersecurity measures cost money, and the industry doesn’t have enough of it to stay safe. The amount of money actually spent on healthcare cybersecurity products and services is rising by an average of 21 percent year over year. Outdated IT systems, fewer cybersecurity protocols, and untrained IT professionals working in-house make healthcare the current main target for hackers. Threats are growing, demands are rising, and there is still less money available to protect against attacks.
About Connected Risk Solutions
At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at (877) 890-9301.