Cybercriminals Intensify Attacks on Healthcare: Experts Call for Major Reforms
Cybercriminals worldwide are relentlessly targeting healthcare organizations, leveraging any vulnerabilities they can find. Despite ongoing efforts, healthcare entities are struggling to defend themselves as hackers' tactics grow increasingly sophisticated.
Cybersecurity Training for All Healthcare Employees
Human error remains a leading cause of cyberattacks across industries, notes Anurag Lal, CEO of NetSfere, a cybersecurity company specializing in secure messaging platforms.
"Most attacks occur due to an employee's mistake," Lal explains. "These errors carry severe consequences, creating a climate of fear among staff. In some cases, cybersecurity professionals avoid reporting breaches to protect their jobs."
To combat this, Lal recommends organizations foster an open-door policy, encouraging employees to discuss potential risks. Companies must ensure all staff can recognize cybersecurity threats and properly handle patients' electronic health information.
"Healthcare companies must clearly define job roles and ensure these are communicated throughout the organization," Lal advises. "Ongoing training must adapt to environmental and operational changes."
Government Standards for Cybersecurity
The absence of federal cybersecurity standards across industries is a critical issue, says Joel Burleson-Davis, Senior VP of Worldwide Engineering and Cyber at Imprivata.
"Without mandatory controls, resource-strapped organizations may neglect essential security measures," he warns. This inconsistency leaves healthcare organizations vulnerable, particularly as they become more interconnected.
Although the NSA, CISA, and NIST publish guidelines, these recommendations are not backed by enforceable standards or accountability.
"Organizations can choose whether to follow these guidelines," Burleson-Davis emphasizes. The lack of repercussions for attacks leads some healthcare providers to take risks with patient safety and data security.
Recent cyberattacks on Change Healthcare and Ascension underscore the urgency of the issue. Burleson-Davis insists on government-enforced minimum cybersecurity standards, coupled with incentives and resources to support robust cybersecurity programs.
"Real change requires standards and initiatives, alongside the means to achieve them," he asserts, noting that financial constraints often force healthcare providers to choose between essential medical equipment and cybersecurity.
Collaborative Efforts to Mitigate Shared Vulnerabilities
Cyberattacks may strike broadly, but their entry points are specific, says Gaurav Kapoor, CEO of MetricStream.
"In the financial sector, stakeholders collaborate swiftly when an attack occurs and share emerging risks proactively," Kapoor observes. However, the healthcare cybersecurity sector lacks similar cooperation.
Kapoor advocates for stronger collaboration among healthcare providers. Sharing details of cyberattacks can help other organizations patch their systems and prevent similar breaches.
"Healthcare needs to improve its cooperative approach to managing cybersecurity threats," Kapoor concludes.
By implementing these expert-recommended changes, the healthcare industry can fortify its defenses against ever-evolving cyber threats.