Health care is quickly becoming one of the most targeted industries for cyberattacks and data breaches. This makes sense, as medical practitioners keep vital and valuable personal information that could easily be used for identity theft and other nefarious purposes. It's therefore crucial for health care providers to take the necessary steps to protect this information and ensure that measures are in place to quickly deal with any threats. Let's take a look at how cyberattacks are affecting the health care industry.
Lack of preparation
Many organizations make the mistake of thinking that a breach will never happen to them or that their current security systems will always be viable for emerging threats. To make matters worse, a survey by KPMG found that 81 percent of health care executives reported experiencing a cyberattack within the past two years, but only 53 percent said they were ready to defend against this type of event. The advancement of technology, like the adoption of digital patient records, is introducing new vulnerabilities that must be addressed within the provider's security capabilities.
"In terms of technical capabilities, the healthcare industry is behind other industries in protecting its infrastructure and electronic protected health information (ePHI) – as commonly seen in the use of outdated clinical technology, insecure network-enabled medical devices, and an overall lack of information security management processes," the KPMG report stated.
Although only a slim majority feel confident in their ability to combat a security breach, many health organizations are taking steps to improve. Eighty-six percent of providers and 88 percent of payers reported that they invested in information security during the past year. This shows that people in the industry are beginning to realize the consequences of being unprepared and are actively taking steps to have adequate resources in place.
If a patient's information has been breached, there is often considerable fallout for the affected organization – including the loss of customers and revenue. For example, UCLA Health recently felt the full effects of the cyber attack on its reputation. In early August, a class action lawsuit was filed against the provider, claiming it didn't adequately store private medical information for around 4.5 million patients during the breach. According to the Daily Bruin, the lawsuit seeks involve third-party security auditors and internal security personnel to test systems on a regular basis. This would help verify compliance with industry standards and ensure that UCLA Health is taking the necessary steps to avoid further events.
A number of details are believed to have been exposed, including names, addresses, Social Security numbers, date of birth, health plan ID numbers and medical record information. This type of data can be very valuable to attackers and must be well protected.
Health care is an essential part of our lives, and as such, it's also become a lucrative target for cybercriminals. By investing in security information and event management (SIEM), organizations will be able to detect and mitigate issues quickly.
Cybersecurity news and analysis brought to you by Arctic Wolf, leading provider of managed SIEM services.