By Rob Quinn, Vice President of Global Product Marketing at BridgeHead Software
Healthcare cyberattacks are happening at an alarming rate. The digital revolution has been extremely advantageous for both clinical practitioners and patients alike. Medical records are easier to retrieve, diagnoses can be made rapidly and more effectively, and hospitals are able to process patients faster than ever. Unfortunately, these technology benefits also come with a serious downside if not managed properly: the risk of healthcare cyberattacks and ransomware.
A recent survey by Imperva revealed that one in 10 healthcare organizations has paid a ransom. Tens of millions of patients have had their information compromised by these cyberattacks. In June of 2019, the American Medical Collections Agency elected to file for bankruptcy after exposing the records of 25 million patients. Of the 948 entities impacted by ransomware attacks in the United States, 759 were healthcare providers, at a potential cost in excess of $7.5 billion.[1] Recognizing their heightened vulnerability, healthcare organizations are turning to companies like BridgeHead Software to implement solutions to improve cybersecurity and protect their data.
Why Healthcare is Targeted by Hackers
The records that healthcare organizations keep on patients are extremely valuable. They contain personal, financial, and sensitive healthcare information. The accumulation and consolidation of that data has led Forbes to declare healthcare as one of the top 5 industries most targeted by hackers.[2]
Phishing and human error are the primary contributors. An astounding 93% of all breaches are initiated when people open up an email or click on a link that exposes the system to malware. As organizations have become more aware of the dangers of phishing, hackers have become increasingly sophisticated. Phishing has even expanded into social media, so that malware and viruses can be planted in the links of posts within social media platforms. Educating your organization on best practices regarding potential healthcare cyberattacks (in all their guises) should be a high priority in order to avoid the serious long-term consequences.
Unpatched systems pose another major threat to healthcare organizations. As systems age, security updates are released less and less frequently, until they ultimately cease completely. Old and unsupported systems are certainly an easy back door to medical records. However, hackers will utilize whatever means are at their disposal to find security loopholes, e.g. exploiting web hosting and administration platforms running your website. More recently, IoT-enabled devices have become a new target for cyberattacks. Manufacturers of smart TVs, medical devices, and similar equipment are often slow to make updates, and this is frequently overlooked by IT teams.
How Cyberattacks Hurt Hospitals and Patients
The costs of dealing with a cyberattack are grave enough to bankrupt massive healthcare organizations. The consequences don’t end with the initial attack. The aftershock of cyberattacks affects the doctors, patients, and the hospitals themselves. After all, on average, a larger-scale cyberattack exposes the information of around 2 million patients.
While many healthcare organizations choose to pay the ransom in order to stay up and running, those that don’t often have to shut down for days at a time, inconveniencing or even threatening the well-being of patients. These ransoms must be reported to regulatory entities, and fines may be assessed for a breach that violates HIPAA, GDPR and other data privacy regulations. Compounding these fines is the damage to a hospital’s reputation, which will require more than rudimentary marketing to rehabilitate.
Every organization is focused on healthcare cybersecurity and is concerned about threats and vulnerabilities. The challenge is implementing robust solutions to mitigate or eliminate risk, especially as the threats change so rapidly.
One of the top ten reasons cited for successful cyberattacks is the exploitation of legacy solutions. Hospitals do recognize that they are running older operating systems, hardware, and applications. But the fact is that outdated software and infrastructure have historically not been easy to decommission, and often the funding is not available to retire these legacy systems. However, this is no longer the case, and all healthcare organizations, from hospitals to smaller clinics, can now benefit from solutions, like those BridgeHead offers, to radically reduce the risks of cyberattack associated with vulnerable, legacy applications.
Reduce the Risk of Cyberattacks
As we’ve established, often hackers rely on human interaction to open the doors to healthcare systems. So, one of the best ways to reduce the risk of a cyberattack is simply to educate your staff on how to avoid these incidents.
But, with a clear focus by hackers on systems that are too old to support regular updates, healthcare organizations can implement BridgeHead’s HealthStore® solution. By extracting information from legacy applications, then storing and protecting it in a modern, secure repository, they can be assured of the safety of patient data.
Ransomware attacks hinge on the fact that without access to patient information, patients cannot be treated. And to achieve their goal, cyber criminals will target the easiest and most vulnerable systems. By implementing a robust data management platform, such as HealthStore, which capitalizes on leading-edge security and monitoring technology, you dramatically reduce the risk associated with cyberattacks. The data from your legacy applications can be relocated to a secure and safe environment. Then those legacy systems can be decommissioned, dramatically reducing the threat surface and closing off security loopholes.
Furthermore, BridgeHead provides regular software updates and patches in line with new operating systems and hardware, as well as offering real-time monitoring of these environments so, in the unlikely event any problems were to occur, they could be isolated and shut down before they even begin. Whatever the threat, BridgeHead’s HealthStore ensures the safety and privacy of your patients’ data, so your hospital can continue to function regardless of the circumstances.
Is Your Organization Looking to Protect itself from Healthcare Cyberattacks?
Read our whitepaper: ‘Legacy Applications: A Healthcare Cybersecurity Nightmare’ to learn more about the clinical, operational, financial and governance risks that face the healthcare industry, and how you can protect your organization from healthcare cyberattacks.
Rob is responsible for go-to-market activities for BridgeHead’s clinical data management solutions. For the last 17 years he has worked in the high-tech field helping organizations within healthcare, life sciences, and finance more efficiently manage and analyze data. Rob started his career as an engineer at Raytheon building missiles for the United States Military before migrating to Product Management and Product Marketing roles within software companies such as The MathWorks, Oracle, and Agfa HealthCare.
Rob holds a B.S. degree in mechanical engineering from UMass Lowell and an MBA from UMass Amherst.