Q&A: Cyber Security in Healthcare Industry

Technological advancements are enabling technology and people to be better connected to one another. This process has bridged the digital and physical worlds. In other words, it has resulted in the development of a network of connected, smart devices that can communicate with each other. However, the increasing use of networked technology has already brought numerous cyber security threats. The uniqueness of the data that the healthcare industry handles draws the attention of hackers or ‘bad actors’, as they are constantly searching for opportunities to infiltrate organizations. Simply put, the risks are greater than ever before. Therefore, we decided to create this Q&A blog post on cyber security in the healthcare industry with the intention of making cyber security issues identifiable and actionable.


Q1: Why should the healthcare industry care about cyber security?

According to research conducted by Grand View Research, the global healthcare cyber security market size is projected to reach about EUR 9.2 million (CHF 9.88 million) by 2022. The most important factors contributing to the growth of the market include the growing incidence of cyber attacks for misuse of electronic health records, social security records, and intellectual property theft.

It goes without saying that cyber security has become a critical issue for many organizations, and the healthcare industry is no exception. The industry is progressing significantly towards a more tech-savvy routine: it improves patient care and speeds up the communication of health records. Because this industry handles a massive amount of sensitive information, it has long been seen as a prime target for cyber criminals. Considering the emergence of a new class of attacks and the rapidly increasing cost of cyber attacks, healthcare organizations should make cyber security a topmost priority. After all, neglecting the dangers associated with cyber security can disrupt the operations of the organization and even permanently harm its reputation.


Q2: What are the threat scenarios the healthcare industry is facing?

In fact, cyber attacks can happen anywhere, anytime. The following are the 3 most common cyber security threats that the healthcare industry faces:

  1. Ransomware attacks
  2. Intentional insider threats
  3. Email phishing attacks


1. Ransomware attacks

Ransomware is a type of malware used by hackers that first encrypts files and then attempts to extort money by demanding a ransom in return for the key to decrypt them. Usually, the ransom is demanded in the form of bitcoins, purely because these transactions are irreversible. The bad news is that paying a ransom doesn’t guarantee that the attacker will unlock the locked data.


Quick tip

Stay alert if any email asks you to enter your credentials. Many ransomware attacks are delivered through phishing campaign emails requesting you to open an attachment or click on a link. In addition to that, provide employee awareness and compliance training during the onboarding process.

https://www.cisecurity.org


2. Intentional insider threats

The second threat is an intentional insider threat. An insider can be a member of an organization or anyone with authorization to perform certain activities. So, an insider threat comes from members of the organization who can maliciously misuse their access to violate enterprise policies and to damage the organization’s assets, other resources and reputation.


Quick tip

Implementing security software and appliances is one way of minimizing the risk of an intentional insider threat. This includes deploying software such as traffic monitoring software, a web filtering solution or an endpoint protection system.


3. E-mail phishing attacks

Phishing is a serious threat to healthcare organizations. Many significant security incidents originate with a successful phishing attempt. In the most basic sense, phishing is a social engineering tactic. It’s used to persuade people to provide sensitive information or take action via seemingly trustworthy communications. Intruders can send an email with a link or attachment to employees. If an employee clicks the link, he or she is directed to a fake login page, which is designed to gather the employee’s login credentials. Lastly, the collected information is transmitted to the attackers.


Quick tip

Familiarize yourself or your employees with your organization’s policies for reporting a suspicious e-mail when they begin employment. Make sure your employees know that when they get an email they are not expecting, they should verify it before opening it or clicking on the attached link.


Q3: How can hospital leadership stay informed about cybersecurity threats to the hospital?

In today’s world of ever-expanding cyber threats, it is crucial that hospitals secure their networks as much as possible. For many, a well-defined security plan can seem overwhelming at first; however, with the right knowledge, it can be simplified to minimize the level of risk that the hospital might take.

There are numerous benefits of incorporating cyber security risk into the hospital’s overall governance as well as its business continuity framework. That way, hospital leadership will remain informed about the potential cyber security risks to the hospital and its digital assets. As a part of this process, the hospital board must be notified periodically about cyber security threats. In addition to that, the cyber security incident response plan must be shared with the board committee.

The director of the hospital must schedule meetings with the Chief Information Officer and other members of the organization’s cyber security team. Last but not least, apart from the core cyber security team, the hospital’s legal and HR departments and training staff should play an active role in building and executing the cyber security incident response plan.


Final thoughts on cyber security in the healthcare industry

The healthcare industry has undergone massive digitalization. Workflows in healthcare facilities have advanced and posed new security challenges. Thus, the main assets of healthcare facilities are exposed to increasing cyber risks. Simply put, cyber security is no longer optional for the healthcare industry. It must be admitted that the problem keeps getting more severe and pervasive as healthcare organizations move to electronic health record systems.

Are you interested in detecting risks and vulnerabilities and creating an actionable road map towards building a mature security posture for your organization? Then check out our Cyber Security Specialist training (Swiss Federal Diploma). An entry-level cyber security specialist with 1-3 years of experience makes an average salary of CHF 84.486 in Switzerland. We have also shared a blog post on how to become a cyber security specialist. Do you have more questions? Reach out to us.