View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
In association with
  1. Technology
April 1, 2022updated 16 Jan 2023 12:58pm

How the healthcare industry can best secure itself against attack

An over-reliance on inefficient or outdated legacy technology is leading to an explosion in ransomware attacks and data breaches. ManageEngine has compiled a list of best practises for healthcare providers to best protect data and patients.

Healthcare industry providers will tell you they face enough challenges without the devastating impact of security breaches and attacks. The last two years have been particularly strenuous, as the global pandemic has put virtually every aspect of operations under incredible strain. At the same time, the sector has come under an unprecedented number of attacks from cybercriminals.   

Such attacks pose serious risks that transcend the bottom line. In September 2020, Germany recorded the first ever instance of patient death linked directly to cyberattack, after a 78-year old woman passed away from an aneurysm at a hospital suffering the effects of a ransomware breach.

healthcare industry attack
According to figures aggregated from the United States Health and Human Services Office’s Breach of Unsecured Protected Health Information report, 2022, alone, 2.3 million patients were affected by data breaches (Photo by SeventyFour/iStock)

Typically, cybercriminals have come to rely on ransomware to extort crucial private data from healthcare providers and patients, with the intent to extort or blackmail those victims for financial gain. In the case of the 78-year old patient who died in Germany, the hospital was unable to cater to her needs as all of their operating systems had malfunctioned and were being held to ransom by cybercriminals eager to exploit the desperation of healthcare providers.

According to figures aggregated from the United States Health and Human Services Office’s Breach of Unsecured Protected Health Information report, in January 2022 alone, 2.3 million patients were affected by data breaches; whether from ransomware attacks on hospitals, clinics and doctors, or from targeted highly-specified attacks on individual patients.

Free White Paper

Healthcare Cybersecurity: 10 Ways To Thwart Healthcare IT Cyberattacks

By ManageEngine
Enter your details to receive the free paper:

Legacy issues

One major challenge is that an over-reliance on legacy technology permeates the industry as a whole. IT and operating systems are siloed, huge swathes of data are stored on vulnerable on-prem servers, and there is little consolidation of HVAC, patient monitoring systems, intensive care equipment, and even newer IoT technology.

Blind spots or gaps arising out of those blind spots make it easy for cybercriminals to breach security protocols, which can cost healthcare providers huge amounts of money when compared with the implementation of tighter security. According to the HIPAA governing body, the average cost of a healthcare data breach is higher than any other industry, standing at $9.23m and almost double that of the finance sector which sits at a distant second.

Indeed, the ‘Third-Party Breach’ report recently found that not only was the healthcare industry the most targeted victim of cyberattacks in 2021 at a staggering 33%, but that the average cost of a cyberattack had increased dramatically; up by 29.5% from 2020, when the average was $7.13m.

Minimise risk

There are things that healthcare providers and stakeholders can do to minimise the risk of cyberattack, provided that they are open to modernising their security protocols and move away from harmful embedded practices. These have been outlines in a paper by ManageEngine, “Healthcare Cybersecurity: 10 Ways To Thwart Healthcare IT Cyberattacks and Data Breaches”. 

First is to enable a zero trust network defence model, based on the premise that, until proven trustworthy, all network access devices are deemed hostile by default. It can be applied to VPN and proxy services, as well as other services that rely on trust between the client and server, and adds a significant next level of safety to the traditional network approach that considers a device trustworthy once it passes (typically) one security layer.

This leads to perhaps the most important form of protection: multi-factor authentication. Though this has become the standard within other industries, healthcare is still lagging behind in adoption. The idea is that users have to authenticate themselves in two or more ways to access their organisation’s information. Additional factors typically include timed one-off passwords, biometric scans, codes sent from authenticator apps, and facial recognition.

Another easy way to minimise the risk of cyberattack is to become more stringent about granting access. At all levels of healthcare, staff need quick and easy access to necessary data in order to provide quality care and carry out their roles effectively. By restricting access to what is strictly necessary, patient data is protected more closely and unnecessary admin time is cut down for staff.

End to endpoint

Of course, in terms of long term efficacy, ensuring endpoint management and protection is key to any bolstering of security. Endpoints can be office computers, mobile phones, tablets, routers, and other devices, and can access a network from both on-premises and remote locations. Broadly speaking, endpoint protection is multifaceted and includes vulnerability management, browser security, and application control.

A good example of an effective endpoint protection solution is ManageEngine Desktop Central, which aims at protecting user endpoints in multiple different ways, thereby ensuring security maximisation. Solutions like these work by securing end-user browsers as well as controlling external devices and applications. It also has the capability to centrally manage and monitor devices across multiple platforms, whether or not they are spread across a distributed network.

Modernisation is not just a question of updating IT and operating systems and hoping for the best. It is a constant battle of validation and evolution, testing network security against continually updating tech, qualifying and checking device upgrades, encrypting data, and performing regular software updates and patches. In a word, it’s about vigilance. Staying one step ahead of the cybercriminals who are always on the lookout for weakness.

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU