How Cybersecurity Protects Patient Safety and Privacy


Healthcare facilities are typically busy, teeming with patients who require care and professionals who provide life-saving services. Imagine if, all of a sudden, a facility's computer systems froze and became inaccessible because of a cyberattack. Critical patient care services, including surgeries and emergency dispatch, would be delayed, and clinicians would have to fall back on manual, paper-based documentation, significantly affecting operations and patient outcomes.

Cybersecurity might not be the first thing that comes to mind when it comes to keeping patients safe, but as the example above shows, it is a factor healthcare organizations must consider to reduce patient safety and privacy risks. In this article, we discuss how cybersecurity protects patient safety and privacy. We cover the most common types of cyberattacks waged against healthcare organizations and provide security recommendations that help keep threats from disrupting operations and affecting clinical outcomes.

Healthcare facilities are home to a treasure trove of patients’ personally identifiable information (PII) and financial information. This information, which is necessary for healthcare facilities’ operations, is very attractive to cybercriminals.

When such data is stolen in large numbers, threat actors can weaponize it for identity theft or sell it on the dark web to other cybercriminals. Threat actors may also demand a ransom from the healthcare facility itself, threatening to publish the stolen data if payment is not made.

Aside from financial motivations, attackers can also target healthcare organizations for intelligence gathering. Nation-state actors target healthcare research facilities and their third-party suppliers to steal intellectual property, hoping to gain an advantage over competitors.

The following are the most common types of threats and risks that affect hospitals and healthcare facilities:

Ransomware attacks
A ransomware attack is a type of cyberattack that prevents victims from accessing important files on their machines and network storage. In a ransomware attack, threat actors encrypt mission-critical files and promise to hand over the decryption key only once the ransom they set is paid; payment is no guarantee that a working decryptor is delivered. When a healthcare organization has no usable backups, or its backups were reachable from the network and encrypted along with everything else, it cannot recover the encrypted information, significantly disrupting operations and, at times, contributing to patient deaths.

In 2024, a ransomware attack by the Qilin group on the pathology services provider used by several London hospitals hindered those hospitals' operations and contributed to the death of a patient. Because of the disruption, blood testing could not be carried out in a timely way, and the resulting delay in a blood test result was cited as a contributing factor in the patient's death.

Data breaches
Ransomware or other malware attacks can also lead to a data breach, a cybersecurity incident involving unauthorized access to victims' sensitive or critical information. The healthcare industry is not immune to data breaches; in fact, they are one of the most pressing cybersecurity challenges affecting the sector.

According to IBM's Cost of a Data Breach report, the healthcare industry had the highest average breach cost of any industry at $10.93 million. It also typically takes healthcare organizations 213 days to identify a breach, longer than the average across industries of 194 days; the longer an intrusion goes undetected, the more data can be exfiltrated and the larger the eventual cost.

Early this year, DaVita, a US-based kidney care provider, fell victim to a ransomware attack that led to a data breach affecting almost 2.4 million individuals. According to reports, the PII and medical information of patients, including Social Security Numbers (SSNs) and health insurance data, were stolen during the attack.

To defend against these threats, healthcare organizations need to maintain a strong security posture by deploying cybersecurity solutions such as endpoint detection and response (EDR) and email security tools, among others. On top of that, hospitals can benefit from adopting the following security recommendations:

·  Conduct regular cybersecurity training sessions. Employees should be trained to spot emails that contain malicious attachments and links, and to report them rather than simply delete them. Run regular phishing simulations and incident-response exercises to discover weak spots, improve the response process, and keep staff awareness high.

·  Enable multi-factor authentication (MFA) and use strong passwords. All employees must be required to enable MFA on their accounts as an extra layer of protection, with priority on remote access, email, and administrative accounts; where possible, prefer phishing-resistant methods such as hardware security keys over SMS codes, which can be intercepted or phished. Aside from MFA, employees must use strong passwords: length and uniqueness matter more than a particular mix of upper- and lower-case letters, symbols, and numbers, so a password manager and a ban on reused passwords are more effective than complexity rules alone.

·  Keep software updated. Promptly apply updates and patches as they become available for software, firmware, applications, and operating systems, prioritizing internet-facing systems and actively exploited vulnerabilities. Medical devices that cannot be patched quickly should be isolated on their own network segment so that a compromise elsewhere cannot reach them.

·  Keep cloud and off-site file backups. This helps ensure continuity of operations even during a cyberattack, but only if the backups are offline or immutable, so that ransomware cannot encrypt or delete them, and only if restores are tested regularly so recovery time is known before an incident.

·  Adopt the principle of least privilege. To limit the damage a compromised account can do, give users, service accounts, and applications only the minimum access and permissions necessary to perform their tasks, and review those permissions periodically so that access granted for a past role does not linger.
