Recent trends in healthcare cybersecurity breaches and the capabilities needed to tackle them
Share
There are no two words about it: the modern healthcare industry is a prime target for cybercriminals.
From data theft to business disruption, healthcare facilities grapple constantly with various security risks and breaches. Cybersecurity was even a massive challenge for healthcare providers in 2020 as they worked to combat the COVID-19 crisis.
On the face of it, there are two key reasons why the industry is such a lucrative target for cybercriminals:
The type of sensitive data collected and used
The relatively lower levels of cybersecurity maturity compared to other industries
This has meant that the industry recorded the highest number of breaches in the country.
Despite this, only a third of Australian health organisations have policies in place to manage healthcare cybersecurity breaches. In this post, we look at recent trends across healthcare cybersecurity breaches and what the industry needs to do to address them.
Recent trends across healthcare cybersecurity breaches in Australia
Ransomware, malware, command and control obfuscators, lateral movement frameworks, wormholes, and spear phishing
Accessibility
DDoS and DoS
As identified in this study, the most common types of cyber attacks general practice facilities were affected by included:
Phishing
Malicious software
Ransomware
Alterations of facility websites
Across the industry, the majority of attacks were attributed to compromised or stolen credentials. Next in line were malware and ransomware attacks. Human error was also a common cause of cyber attacks. This spanned:
Wrong email recipients
Unauthorised disclosure
Paperwork and device loss
Wrong blank copy recipient in emails
How can the industry improve its security posture?
The increase in cyber attacks during the pandemic, while disruptive, helped us gain much-needed insights about healthcare-related cybersecurity breaches.
These insights show us that to safeguard industry practices, a combination of technical and behavioural strategies need to be implemented.
One tactic is to improve cybersecurity education or awareness training among employees. This may be the most important strategy to prevent cybercriminals from getting their hands on low-lying fruit.
Cybersecurity education will help employees be more mindful about the authenticity of any electronic communications they receive. It will also help them inculcate better security habits and take steps to reduce the rate of human error we’re seeing.
This alone, however, won’t empower healthcare providers to identify every vulnerability and prevent data theft. A few strategies that may prove useful in this regard are ethical hacking and penetration testing.
These services prevent healthcare cybersecurity breaches in a number of ways. To begin with, service providers will be able to analyse their network environment, identify potential vulnerabilities, and even help security teams ensure compliance with laws like the Healthcare Identifiers Act.
While this is not the extent of security strategies that can be executed across the industry, these are some of the primary tactics healthcare facilities can use to their advantage.
Want to know more? Work with Triskele Labs to respond to healthcare cybersecurity breaches
From cybersecurity awareness training to internal network penetration testing, at Triskele Labs, we meet your every cybersecurity need. By helping you execute a custom security programme, we help you shore up your defences successfully.
Reach out to our team to explore how our services and solutions can help you stay ahead of cybersecurity breaches. Find out how you can keep your digital health assets secure.
