Healthcare CIOs face an increasingly hostile cyberscape.
Los Angeles, Calif. – Nov. 21, 2018
In April’s Cybersecurity CEO column, I explained that manufacturing is the new healthcare. The industry has been under constant attack – from malware like Cryptolocker doing real damage, to insider threat on the rise, to the lack of security controls around interconnected IoT and OT environments – and unfortunately, we’re still seeing an under-investment in cyber defense in this space. But don’t misinterpret my statement to mean that Healthcare CIOs are off the hook. The (cyber) bullseye on the backs of healthcare providers is still prominent.
Just last week I spoke at the HIMSS Southern California Summit. In a room full of healthcare IT professionals, the conversations were consistent. We’re all staying up at night worrying about lack of security personnel, security budget, vulnerability to threats, data breaches, ransomware, and the theft of employee credentials.
Sound familiar? Many of us are facing the same challenges in the cybersecurity space – but why are cyber criminals increasingly targeting healthcare institutions?
It turns out that medical records are actually more valuable than credit card data, often selling for upwards of $50 per record on the Dark Web, compared to $1 per record for social security numbers and credit card information. This shocked me, but it makes sense when you consider that medical records include policy numbers, diagnosis codes, and billing information, all of which can be used to create fake identities to conduct medical fraud or file false insurance claims.
Next, think about the alternative targets. Financial institutions are heavily protected when it comes to cybersecurity. Cybersecurity in healthcare is still lacking, so it’s easier for cyber criminals to get into healthcare providers’ internal networks.
All that considered, perhaps the most compelling reason to steal medical data is that medical identity theft is likely to go undetected by the patient or the healthcare provider for months, whereas a cautious individual can track their bank statements regularly for suspicious financial activity.
Regardless of the motivations fueling cyber criminals to target the healthcare vertical, the reality is that being exploited can cause significant financial loss, disruption of business operations, and loss of reputation as a trusted healthcare provider. Therefore, when a CIO in the healthcare space reports to the board about the importance of cybersecurity, they need to establish cybersecurity as a business risk.
So how can healthcare providers protect their organizations? I spoke to the audience at HIMSS about the simplest ways to strengthen their overall security postures. Start with the greatest threats in the healthcare space. In my opinion –
- Growing risk of insider threats
- Growing IoT risks in healthcare
- Rising effect of targeted ransomware
My team put together the 2019 Healthcare Cybersecurity Report to address these three threats in more detail. We dissect the threats, discuss how to mitigate them and share insights from some of the top leaders across our Identity Services, Professional Services and Managed Security Services practices.
You can download the complete Herjavec Group 2019 Healthcare Cybersecurity Report here to learn more.
Let me leave you with this latest prediction from Cybersecurity Ventures:
Cybersecurity Ventures now predicts that ransomware attacks on hospitals will increase by more than 5x between 2018 and 2021.
We as cybersecurity professionals, particularly in the healthcare space, can’t afford to be complacent. This isn’t just about saving reputations, or money.
It’s about protecting infrastructures that help us save lives.
To Your Success,
Originally posted on cybersecurityceo.com