By David Wagner, Zix Corporation
The healthcare field is currently in a precarious position. New technologies promise to improve care and increase the success of outcomes with far greater consistency. But those same technologies create vulnerabilities and invite cyberthreats that put every one of those agendas in jeopardy. U.S. Health and Human Services’ Office for Civil Rights believes the final number of cyberattacks in 2017 will far outpace 2016’s figure.
The growing size and scope of this threat is confirmed by McAfee Labs research. In second-quarter 2017, 26 percent of all observed cyberthreats were directed at healthcare organizations, making it the industry with the single highest volume of attacks.
With unprecedented uncertainty in the future of healthcare and the competing needs of cost versus efficacy, hospitals, clinics, and other stakeholders are faced with the daunting task of thwarting this record number of attacks as they embrace the transformative potential of technology.
Why Hackers Target Healthcare
Healthcare is an appealing target for several reasons.
First and foremost, the industry harbors a massive amount of electronic data — from protected health information to financial information — nearly all of which is sensitive and governed by regulations. Moreover, and given the nature of this data, hackers understand and manipulate the fact that healthcare providers have little means to negotiate without putting patient care at risk. Perhaps most consequential, however, is the healthcare industry’s reliance on technology. Hospitals and healthcare organizations are filled with overlapping systems, connected devices, digital touchpoints, and data in transit, all of which are easy and appealing attack vectors.
This scale of the IT infrastructure presents such a big problem because it creates so much opportunity for hackers. For instance, a recent ransomware campaign infected users with the Locky malware and then used that exploit to bypass other security protocols and deliver a second round of malware known as FakeGlobe.
The frustrating reality is that hackers are almost always one, two, or three steps ahead of their victims.
Building More Certainty Into Cybersecurity
Any industrywide cybersecurity strategy must be effective and comprehensive — i.e., affordable, powerful, convenient, and forward-focused. That’s a tall order, but these three strategies can help the healthcare industry achieve the right balance and implement the best measures possible.
The increasing sophistication of cyberattacks, competing goals focused on quality care, and limited budgets can easily make the challenge of data security daunting. However, a sound strategy that implements these best practices can overcome many vulnerabilities, protect sensitive data and systems, and assist in decreasing the target on healthcare.
About The Author
David Wagner has more than 25 years of experience in the IT security industry. He serves as the president and chief executive officer of Zix and previously held leadership roles at Entrust for 20 years. With his IT security and leadership background, David offers a business perspective that enables company leaders to better understand evolving cyberattacks and prepare for future threats.