Health Care Cyberattacks: Why the Industry is At Risk
IN A NUTSHELL:
- Industry becoming a greater target for cyber attacks
- Value of health care data a driving force
- Lack of funding for cybersecurity exists
The health care industry is becoming a greater target for cyberattacks for a variety of reasons, such as the complexity of health care systems as well as the value of the data that is being stored.
According to a recent report from Radware, the average health care organization spends $1.4 million to recover from a cyberattack. The health care industry in particular is becoming a target for ransomware attacks. Tech media company The Next Web detailed five reasons as to why health care facilities and health systems have become more common sources of cyberattacks.
- Value of healthcare data: Hospitals and health care organizations are tasked with gathering a plethora of personal details on their patients, including credit card information, social security numbers, home address, etc. On the black market, a single patient health record could sell for around $1,000. All of the personal data within a medical record makes large scale attacks worth millions.
- Rising complexity of healthcare systems: Technology systems in hospitals are becoming increasingly more complicated, relying on an interconnected network of devices. Nurses and doctors rely on tablets and mobile devices in addition to computers and monitoring equipment. For hackers, this means attacking one vulnerability in a single device could destroy the entire network.
- Lack of understanding: Some hospitals don’t have cybersecurity divisions or IT departments as major decision makers are focused on improving health outcomes rather than thinking about security. This isn’t entirely the health care facility’s fault. The FDA hasn’t adequately prepared for the growing complexity of medical technology and few medical programs spend an ample amount of time on the principles of technology security.
- Misplaced attention of technology upgrades: Hospitals are more inclined to spend money on new medical equipment rather than on cybersecurity. Having the latest medical technology can mean better health outcomes for patients and a competitive advantage over other medical facilities in the area.
- Lack of funding: Improving technology security standards would require hospitals and health care systems to spend a lot of money beyond infrastructure. It would also entail health care facilities implementing more internal restrictions on new technology acquisitions.