by Colin Konschak and Shane Danaher
Nearly every day we hear on the news and in social media about some type of cybersecurity issue. Terms once arcane to the general public—malware, viruses, hacking, computer breaches, ransomware, to name a few—are now understood on some level by almost everyone who uses a computer. However, for leaders responsible for providing effective cybersecurity in every business sector, general awareness is not nearly enough.
These days, IT security professionals are not facing small-time hackers probing for a hole in a firewall to commit a prank or steal a few account numbers. They are up against highly skilled professionals who include criminals, terrorists and spies, often with significant funding from criminal syndicates and even countries. The cybersecurity environment of today is no longer about hacking—it is about warfare.
Highly targeted cybersecurity breaches with big numbers and big names tend to make headlines—Yahoo, Target, Equifax, JP Morgan Chase—but perhaps nowhere is cybersecurity more critical than in healthcare, not only because of distinct inherent vulnerabilities, but because of what can be stolen.
Data piracy from healthcare organizations is where true “harm” comes in because of what can potentially be taken from them and what can be done with the data. When cybercriminals or cyberterrorists breach hospitals, health systems, medical practices and health insurance companies, they trespass far beyond what can be pilfered from a bank or government agency. Identity theft is big business today and a medical record is worth two or three times what a credit card number goes for on the Dark Web.
A 2017 report from the Health Care Industry Cybersecurity (HCIC) Task Force, a committee created as part of the Cybersecurity Act of 2015, concluded that healthcare cybersecurity is in “critical condition,” identifying five high-level challenges (Figure 1) [1]:
- A severe lack of security talent
- Legacy equipment
- Premature over-connectivity
- Vulnerabilities that affect patient care
- Known vulnerabilities that are not corrected
Figure 1: Healthcare Cybersecurity Environment
Experian’s 2018 Data Breach Industry Forecast predicts that two ongoing trends will continue:
- While big healthcare hacks will continue to get the greatest publicity, the small breaches will cause the most damage.
- Healthcare organizations will be targeted more than any other industry sector, and they will be hit with new, more sophisticated attacks. [2]
To find out more about why healthcare is so particularly vulnerable, how we got here, and how we get past it, see the first of 10 in a series of Divurgent whitepapers. Through these publications we intend to help leaders responsible for healthcare cybersecurity protect their organizations and wage war on the growing attacks. You’ll find the first whitepaper in the series here.
1. Institute for Critical Infrastructure Technology. (2016, January). Hacking Healthcare IT in 2016: Lessons the Healthcare Industry Can Learn From the OPM Breach. Washington, DC: ICIT.
2. Experian. (2018). Data Breach Industry Forecast.