COMMENTARY. Hospitals are in the crosshairs: As collectors of some of the most personal and sensitive data available, hospitals are a prime target for hackers and cyberattacks.
Patient data needs to be treated with as much care and sensitivity as the patients themselves.
As a whole, the healthcare industry is a gold mine of sensitive data, with information ranging from relatively simple billing and credit card data to in-depth medical history and treatment information.
As a result, hospitals are a prime target for cybercriminals; 88% of healthcare organizations reported experiencing some sort of cyberattack, and an estimated 10% of Americans have had their personal health information exposed in a healthcare-related breach.
It's not at all uncommon for hospitals to be shut down or incapacitated by highly planned and well-executed attacks.
In the mildest cases, these attacks are breaches that expose patient data; in the most severe cases, hospitals are literally held hostage, unable to render lifesaving care to their most vulnerable populations.
Hospitals are stuck in an ever-expanding game of cat and mouse with hackers.
The last few decades have seen the digital footprint of hospitals and healthcare administrations expand as treatment has evolved, first through the regulation of digital medical records, then through the explosion of telehealth.
Even hardware-based medical advancements like implanted technologies have increased hospitals' digital surface area.
With every digital expansion, a hospital system's vulnerability increases: the amount of data that the hospital is responsible for increases, and the number of attack vectors for hackers increases.

How Hospitals Can Better Protect Patient Data

Hospital administrators need to be aware of the scope of vulnerabilities in their system - from doctors and nurses, to third-party contractors, to hospital equipment manufacturers and programmers.
Without the proper redundancies in place, every individual who can touch data represents a potential access point for a data breach or hack.
Protecting a healthcare system requires a ground-up approach to data security culture.
As much as hospitals value patient care, they must also value patient data privacy and protect it with everything from back-end infrastructure systems to in-person learning and testing.
Hospitals should be doing more to bring everyone into a culture of security.
Hospitals should also run regular vulnerability scans and penetration tests to check that their systems can withstand cyberattacks or human error.
Federal standards like the NIST Cybersecurity Framework provide guidelines for hospitals to configure systems according to best practices and benchmark security postures on a regular basis.
Critically, hospitals and healthcare systems need to do a better job of creating a system of sharing: sharing best practices, sharing threat intelligence, and sharing issues.

Hospitals as Data Privacy Defenders

Hospitals stand on the front lines, not just in battling diseases and ailments, but also in safeguarding the sensitive and crucial information of every patient they serve.
Ultimately, by implementing a proper data protection program of policy and practice, hospitals will not only protect the invaluable data entrusted to them but also uphold the integrity and trust that form the bedrock of patient-caregiver relationships.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 11 Jan 2024 15:00:04 +0000