Almost every month during 2020, more than 1 million people in the US were affected by data breaches at health-care organizations, according to data reported to the US Department of Health and Human Services (HHS) and cited by wsj.com.
Intelligence agencies in the U.S., Canada and Europe have warned repeatedly that nation-state-backed hackers and cybercriminals are attempting to break into health-care systems to steal vaccine-related research and other data.
The growing threat to healthcare cybersecurity comes as this sector has been coping with the grave consequences of the COVID-19 pandemic. Security and technology staff at hospitals suddenly had to deal with an expanded remote workforce, an overload of COVID-19 patients in the wards and the setting up of makeshift sites for virus testing.
Cybersecurity basics, including practices such as using two-factor authentication, have often been neglected by healthcare organizations, said Austin Berglas, global head of professional services at cybersecurity company BlueVoyant.
Moreover, health-care providers often use a patchwork of systems from third parties rather than their own technology, which exposes them to supply-chain risks, according to Terry Ray, senior vice president and fellow at cybersecurity firm Imperva.
Unless hospitals treat cybersecurity as a priority and allocate the necessary funding and resources, hackers will keep targeting them.
Hackers typically exploit the following points of vulnerability in hospitals, according to wsj.com:
Networks – Without secure access control, hackers can infiltrate the network at one point and then move freely once inside.
Internet of Things – Connected medical devices often lack built-in security features.
Personal devices – The hospital network becomes more vulnerable to cyberattacks when clinicians connect personal devices.
Data storage – Ransomware attackers can do more damage when electronic health records, payment and insurance information are stored in one place.
Remote work – Remote COVID-19 testing and vaccination sites, as well as more nonclinical staff working from home, increase security risk.