As the healthcare sector continues to fight on the frontlines against the COVID-19 global pandemic, it faces the added challenge of warding off a steady rise in cyberattacks. Attacks against the American healthcare system increased by 55% in 2020, with more than a third of healthcare organizations globally suffering ransomware attacks. Within the last year, major hospital networks, such as Scripps Health and Universal Health Services, were hit by ransomware, forcing emergency patients to be diverted to other facilities and causing millions of dollars in losses. Just last month, Memorial Health System, which serves populations in Ohio and West Virginia, had to cancel urgent surgeries and rely on paper records when its information systems were crippled by a successful attack.
A Sector in Critical Condition
This uptick in attacks follows a clear trend and is only expected to get worse. There are numerous reasons why the healthcare sector is a uniquely attractive target to cybercriminals. Personal health information, which can be sold for more than $350 per record on the black market, is far more valuable to thieves than financial data, such as credit card information, which typically sells for a dollar or two. Furthermore, healthcare system outages can affect patient health outcomes, creating a strong incentive for providers to get operations back online immediately by paying a ransom demand.
Despite the critical nature of their operations and data, healthcare providers tend to lag behind other companies in cybersecurity. Healthcare systems often utilize myriad vulnerable legacy systems and medical devices that are expensive to replace, lack well-defined incident response plans and their staff frequently share login credentials to improve efficiency in a fast-paced, high-stress environment.
These risks are compounded for rural hospitals with limited IT resources, more vulnerable patient populations and few options for diverting emergency cases during a ransomware attack.
Investing in Preventive Care
Earlier this year, the National Institute of Standards and Technology (NIST) published guidance for healthcare providers to shore up their defenses against the rising tide of ransomware attacks. Here are some critical steps providers can take:
- Use antivirus software to protect against malware
- Keep devices up to date with the latest security patches
- Use web filtering tools to block malicious websites
- Use access management policies to block unauthorized applications from spreading ransomware
- Use standard accounts rather than privileged ones wherever possible
- Invest in operational resilience to expedite recovery from an attack
- Train staff not to click on suspicious links or attachments
Ensuring a sanitary, hygienic environment is vital to protecting patient health. In the digital age, this includes maintaining cyber hygiene. MBL Technologies has extensive experience providing cybersecurity solutions in the healthcare sector. We can examine the health of your security systems and show you how to prepare for the coming attacks.