Rising cyberattacks in the healthcare sector a cause of worry

There are multiple critical solutions involved in the healthcare sector that need higher protection, writes Raj Srinivasaraghavan, CTO, SecureKloud Technologies

About Author: Raj Srinivasaraghavan, Chief Technical Officer, SecureKloud Technologies has over 25+ years of experience in the tech industry. He has architected & lead the implementation of many innovative solutions/services for customers in Healthcare, Information Technology and BFSI verticals. Primarily from a strong security and product engineering background, he has been the principal architect of MISP (Multi-Domain Identity Services Platform) & CIE (Cloud ID Exchange) – in-house IAM & Security products.

Cyberattacks are on the rise, despite increased investment in security, stricter payload screening processes, sophisticated firewalls, and the introduction of new tools and technology to keep the attackers at bay. According to Check Point research, cyber-attacks increased by 38 percent in 2022 compared to 2021. Each and every data breach costs millions of rupees.
Though no sector is immune to the attacks, healthcare has mainly been the hot target for hackers. Healthcare systems are highly vulnerable due to many inherent and external reasons that are discussed below. The same report referred above, noted that the healthcare sector suffered 1410 attacks per week per organization on an average, which is 86% higher than the attacks in 2021.
According to the Cost of Data Breach Report, healthcare globally had the highest number of data breaches in 2022, and each incident cost around $10.10 million. A study by Health informatics assessed that data breaches cost the industry approximately $5.6 billion annually. Healthcare has become an easy target because of multiple data and user touchpoints, use of smart devices, heavy dependency on data, and a comparatively low level of cyber literacy among the stakeholders. Besides, the sector is more lucrative for hackers. A report from Experian said that protected health information could fetch about $1,000 per record on the dark web, whereas even the credit card details would get them only $5.
Understanding the gravity of threat
There are different types of attacks, and ransomware is one of the most common, with one in every 41 organizations facing it. Similarly, with almost 80% of organizations now preferring to store data in the cloud, cloud breach has become another common phenomenon. Phishing, network vulnerability attacks, and man-in-the-middle attacks are other types.
More than the financial loss and reputation of the affected companies, what is more alarming is the adverse impact of such an attack on healthcare delivery and patient safety. When data is breached, systems are hacked, digital diagnostic and treatment machines are damaged, the most significant impact is on the patients. That is, hackers are playing with people’s lives when they target the healthcare sector, unlike other sectors.
There are multiple critical solutions involved in the healthcare sector that need higher protection. E-prescribing systems, Electronic Health Record (EHR) systems, practice management, radiology information tools, clinical decision support systems, and physician order entry systems are all vulnerable to attacks today.
There are multiple stakeholders involved in these systems, and this also further opens up loopholes. It is a complex supply chain. Patients, C-suite executives, staff, vendors, market suppliers, doctors, nurses, lab technicians and third-party IT companies are part of this ecosystem, and each touchpoint needs to be protected from attacks. Besides, it is also essential to secure vulnerable medical devices. The latest advances like the Internet of things, smart devices for patient care, and automated diagnosis with the help of artificial intelligence further increase the attack exposure. Every connected and outdated device poses a risk of attack and is an entry point for hackers. The data has gone entirely digital, and we have reached a state where data drives the healthcare delivery systems significantly. Above all, most of the breaches are the result of employee errors and authorized disclosures.
It is crucial to safeguard the tools, digital systems, networks, and data in the cloud and devices from possible attacks. The first step is to control the flow of data and control access, as in the case of any other sector. Organizations should observe malicious file activity and stop unauthorized emails from being shared. They must use a password/PIN, cards and keys, face, fingerprint, or retina recognition, primarily any multifactor authentication method to protect patient data from illegal operations. Encrypting data during transmission and storage is another essential step.  In addition to the available basic measures like antivirus, data backup, data loss prevention, a secure gateway for email, and client and server TLS Certificates, the use of new technologies such as blockchain can also improve health data security significantly. Above all, it is vital to train the staff as, in many cases, overstretched staff cause security concerns. Reportedly, cyber literacy is comparatively low in hospitals and in the healthcare sector in general.
Way Forward
Unlike many other sectors, the security approach cannot be one-dimensional, as many stakeholders are involved in the ecosystem. What is needed is a collective approach involving healthcare providers, employees, employers, third-party IT providers, and all other stakeholders. So, the perfect strategy could be a ‘holistic health treatment’ covering all touch points, systems, stakeholders, and providers. Mutual trust between all the players is as important as the treatment. Because the mutual trust can be then leveraged to collectively solve cyberattack issues of the stakeholders which like any medical treatment should begin with the correct diagnosis of the problem followed by the correct treatment via implementation of best security prescriptions and practices.

**The views expressed by the author are his own and can’t be necessarily attributed to the BioVoice News.