Analysis
Features
Medical
OT Network security

Health Care Cybersecurity and Protecting Hospitals

October 21, 2019
Health Care Cybersecurity

Recent ransomware attacks highlight need for improved health care cybersecurity. Earlier this month, a cyber attack in Victoria, Australia targeted some of the state’s major regional hospitals. The suspected ransonware attack shut down booking systems at the facilities and administrators worried patient records had been compromised.

This recent attack and others over the past year have left many concerned about the state of health care cybersecurity. More and more hospitals are seeing increased connectivity as they implement new technologies and as a result, their IT systems have become more susceptible to cyber attacks.

To emphasize the threat, in May Victoria Auditor-General Andrew Greaves successfully hacked into the IT systems of some of the state’s biggest hospitals and accessed sensitive patient data. In a report detailing the importance of cybersecurity for health systems, Greaves explained that although tools like digital records have improved health systems, there are risks associated with using these tools.

“While digital records can improve patient care, a cybersecurity breach could alter or delete patients’ personal data or permit unauthorised access to this data. A breach could also disable health services’ ICT systems and prevent staff from accessing patient information,” Greaves wrote in a report. “Health services’ security measures protect their ICT systems and the infrastructure used to store patient data. However, human action—either unintentional or malicious—can undermine even the most sophisticated security controls. To manage the security risk, health services need a culture of security awareness, with their staff trained to identify and respond effectively to data security risks.”

Hackers are targeting health care systems in the United States as well. This month, a ransomware attack on the DCH Health System in Alabama forced three hospitals to stop accepting new patients.

Additionally, on Oct. 1, the U.S. Food and Drug Administration issued an alert warning of cybersecurity vulnerabilities in certain medical devices. These devices include certain kinds of imaging systems, infusion pumps, and anesthesia machines. According to the alert, software that can be used to exploit these vulnerabilities is already publicly available , though no breaches have been reported.

[optin-monster-shortcode id=”dv4jqlr9fih8giagcylw”]

“These vulnerabilities may allow anyone to remotely take control of the medical device and change its function, cause denial of service, or cause information leaks or logical flaws, which may prevent device function,” the FDA alert said.

Despite the attention currently being paid to hospital cyber attacks in light of frequent incidents in recent months, health care cybersecurity isn’t a new issue. In 2018, the American Medical Association released a report highlighting the importance of cyber security in health care. The report included the results of a survey of 1,300 physicians around the United States.

According to the report, 83 percent of those surveyed had experienced some kind of cyber attack. One in two physicians said they are “very” or “extremely” concerned about future cyber attacks. And, 83 percent of physicians see the value of a security risk assessment and recognize that current measures aren’t enough to truly address cyber threats.

The health care system isn’t the only sector with growing cybersecurity concerns. According to the August 2019 McAfee Labs Threat Report, ransomware attacks across all industries grew by 118 percent in the first quarter of the year.

Similarly, this month, software company Tripwire released the results of a survey of cybersecurity professionals. According to the company’s report, most organizations are worried about cyberattacks having physical operational consequences and business impacts.

In Tripwire’s survey, nearly 50 percent of survey respondents said current investments investments in cybersecurity are not enough. Additionally, half of those surveyed said their company had suffered an outage or data loss during the past 12 months and half said they expect an attack on critical infrastructure within the next 12 months.

Rebecca Addison
Industrial Cyber Editor. Rebecca Addison is a former newspaper editor with a decade of experience in the media industry. During her career, she has interviewed world leaders and corporate CEOs, and covered topics ranging from blockchain and CBD to healthcare and education.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Enhancing industrial cybersecurity by tackling threats, complying with regulations, boosting operational resilience
Enhancing industrial cybersecurity by tackling threats, complying with regulations, boosting operational resilience
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Continuous need to face challenges, build strategies across industrial cybersecurity amidst evolving threats
Continuous need to face challenges, build strategies across industrial cybersecurity amidst evolving threats
HHS warns of social engineering attacks targeting IT help desks across health sector
HHS warns of social engineering attacks targeting IT help desks across health sector
Proposed CIRCIA rule boosts cyber threat understanding, early detection of adversary campaigns, offers coordinated actions
Proposed CIRCIA rule boosts cyber threat understanding, early detection of adversary campaigns, offers coordinated actions
Growing need to implement effective post-incident recovery strategies in evolving OT, ICS environments
Growing need to implement effective post-incident recovery strategies in evolving OT, ICS environments
Vulnerability handling according to the European Cyber Resilience Act (CRA)
Vulnerability handling according to the European Cyber Resilience Act (CRA)
New legislation mandates minimum cybersecurity standards to safeguard healthcare providers in case of future hacks
New legislation mandates minimum cybersecurity standards to safeguard healthcare providers in case of future hacks