The hurdles in managing healthcare cybersecurity breaches
It was only a few months ago that we understood the severity of cyber attackers targeting healthcare facilities (although this is not necessarily a new concept). Their goal was to take advantage of the confusion and chaos caused by the coronavirus pandemic and hack the computer systems of hospitals, medical services, and crisis-response organisations.
In the first half of 2020, 22% of all cybersecurity breaches were reported to be healthcare cybersecurity breaches. The healthcare sector, in fact, reported the highest breaches in the country.
Yet, only a third of Australian healthcare organisations have integrated security awareness and training into their policies and procedures.
The impact of healthcare cybersecurity breaches can disrupt key medical practices. These disruptions have both financial and clinical implications. It can interfere with the continuity of healthcare operations and disrupt patient care due to the potential loss of private data.
The increasing digitalisation of the healthcare sector, while necessary, increases the likelihood of these incidents. They span from attempts to steal data or intellectual property to prevent computers or networks from operating in the first place.
The increasing incorporation of technology is critical for the precision of healthcare. In the same breath, hospitals and clinics need to amp up their cybersecurity measures to prevent and mitigate the effects of healthcare cybersecurity breaches.
So, how can healthcare cybersecurity breaches be managed? What are the cybersecurity challenges the healthcare industry is facing?
The challenge of protecting sensitive data
The healthcare industry is relatively unprepared for the requirements of data security. The industry also struggles to understand the existing threat landscape while staying ahead of new threats.
The Office of the Australian Information Commissioner (OAIC) has published the Notifiable Data Breaches (NDB) report for January to June 2020. According to this report, 26% of the data involved in the breaches were health information. This is only second to financial information.
The privacy of confidential patient data and the issues associated with the use of personal information are major challenges for healthcare providers. Increasing digitalisation is making this even more difficult to manage.
Ultimately, the risk to personal information is what threatens the confidentiality, accessibility, and integrity of the healthcare industry.
The challenge of securing healthcare facilities’ online presence
Healthcare providers depend on their websites and online services to connect with patients. Today, patients and healthcare professionals require ongoing access to medical resources. Their networks and applications must be available 24x7.
According to the NDB report, malicious and criminal attacks were the largest source of data breaches detected. In the healthcare sector, this accounted for 40% of all data breaches.
Malicious or criminal attacks are defined as attacks that are deliberately crafted to exploit known vulnerabilities for financial or other gains. This includes phishing, malware, ransomware, brute-force attacks, and compromised or stolen credentials.
The challenge of a lack of cybersecurity awareness
According to the NDB report, 57% of healthcare cybersecurity breaches resulted from human error. Examples of the healthcare cybersecurity breaches that happened due to human error include:
Sending personal information to the wrong recipient via email - 54%
Unintended release or publication of personal information - 28.5%
Sending personal information to the wrong recipient via post - 52.6%
Sending personal information to the wrong recipient via other methods - 67%
Failing to include multiple recipients in an email’s BCC feature - 50%
Manage healthcare cybersecurity breaches with the support of Triskele Labs
There are many insights and implications we can glean from the data published by the OAIC’s NDB report. In particular, the lack of security awareness among medical and support staff is alarming. The lack of security strategies in place to stop malicious attacks is also a huge concern.
This report only details the types of attacks the healthcare industry faced. The level of disruption these attacks must have caused, on the other hand, is unimaginable.
Today, we need to take immediate action to protect one of our community’s most critical industries from further threats. Otherwise, the integrity of the healthcare industry may be compromised.
Reach out to our team at Triskele Labs and find out how to manage healthcare cybersecurity breaches. We are a certified cybersecurity company and consultancy firm based in Australia.