A data breach is every company's worst nightmare: stolen information, customer and employee data at risk, the need to report to regulatory bodies, a damaged reputation, enormous financial costs—these are all very real consequences of a successful cyberattack.
But when your business is healthcare, the cost can be even more heart-stopping.
How Cybersecurity Breaches Impact Heart Attack Victims
A new study found a correlation between data breaches and an increased number of fatal heart attacks in the U.S.
Researchers found that after organizations suffer a breach, they put stronger security practices in place. But some measures—like longer passwords, more authentication layers, and quicker logout times on idle machines—may unintentionally lead to a deterioration in urgent patient care.
When new security barriers are put in place, it can take nurses and doctors longer to get past them, which increases the time it takes to help patients who are suffering a heart attack.
When cardiac arrests occur, medical professionals only have a limited amount of time to treat patients before their chances of short- and long-term survival diminish. For example, industry guidelines recommend that cardiac patients immediately receive an electrocardiogram (EKG) test and have its output interpreted within 10 minutes of arriving in the emergency room.
However, the study showed that following data breaches, hospitals took an additional 2.7 minutes on average to hook patients up to an EKG. In many cases, that pushed the total response time to over 11 minutes. This increase was still observable up to four years after the breach occurred. The same hospitals also saw the mortality rate for heart attacks go up by 0.36%, the equivalent of 36 deaths for every 10,000 heart attack victims.
Cybersecurity Challenges to Healthcare Efficiency
Security measures are often inconvenient by design to make breaching them more inconvenient for the attacker. But methods that slow the attacker down, such as two-factor authentication, are also inadvertently slowing legitimate users in hospitals. Healthcare organizations need to think outside the box when it comes to protecting their systems from data breaches.
At the same time, new challenges are on the horizon. As patient records are increasingly digitized, the ability to safely share information between practitioners and preregister patients as they come through the doors can potentially help save lives. But healthcare providers will need to ensure these records are securely held and always shared safely.
The rise in ransomware attacks also poses a threat to the healthcare sector. In cases such as the WannaCry viral attack on the National Health Service in the UK and a recent attack on Campbell County Health in Wyoming, clinics and hospitals were forced to close and appointments and surgeries were postponed. By holding vital data hostage, attackers crippled these institutions' ability to provide healthcare to patients in need. According to McAfee Labs, in the first quarter of 2019 ransomware attacks grew by 118%, new ransomware families were detected, and threat actors used innovative techniques.
New Approaches to Evolving Problems
Healthcare providers need solutions that will not only help protect them against today's rising risks of data breaches and ransomware attacks, but also grow with them in the future as healthcare technology evolves.
It's not just money or reputations that are at risk. More importantly, in this industry, patient care and mortality rates are affected as well.
Hospitals and clinics need to change how they approach cybersecurity if they're to meet the threats of data breaches and ransomware while reaping the benefits of digitization. Compliance is already stringent and it's likely to get tougher in future as government and industry bodies establish further obligations for the industry.
The Cure for Cyberattacks
In this challenging environment, healthcare providers need help. Most hospitals have at best a small IT team that needs to manage all systems, data reporting, and infrastructure, while also monitoring and addressing risks.
A security operations center (SOC) can allow the team to assemble data from various systems, find and analyze anomalies, and identify potential threats. But establishing and running a SOC is far from an easy or low-cost job.
Many healthcare providers are turning to providers of managed detection and response (MDR) services, especially as part of a SOC-as-a-service offering. This type of solution frees up the IT team's hours to focus on implementing projects that lead to better patient care instead of relying on them for constant firefighting against the latest cyberthreats.
It also gives hospitals a comprehensive overview of their infrastructure, security posture, and vulnerabilities, which makes reporting for business or compliance much easier.