The vast and complex global healthcare industry is vulnerable to looming cybersecurity threats, with rising chances of data pilferage, yet the industry is not cyber-resilient. The cybercrime bonanza is on, as evidenced by the recent ransomware attacks in the UK and the healthcare breaches in the US.
The global cybersecurity workforce shortage is about to hit 1.8 million by 2022, a notable 20% rise from 2015, as reported by the Global Information Security Workforce Study. This shortage is assumed to be due to a lack of qualified professionals, which is exposing healthcare IT security to an enhanced threat of cyber-attack.
Challenges in healthcare IT security:
The challenges are massive, exposing healthcare IT to more cybercrime. It is just like a bank locker holding valuables but without a foolproof locking system.
Enhanced use of EHR:
Electronic Health Records (EHR) brought more efficiency and improved patient care, but also increased the threat of cyber-attacks. The wide adoption of EHR systems, which came along with incentives, provided a great tool for maintaining health records, but the IT security system remained weak and prone to attacks. Only in the last few years have some financial investments in cybersecurity been observed.
Outdated hardware and software:
According to a few experts, outdated software may be one of the reasons behind the massive WannaCry ransomware attack on the UK health service. While expensive, advanced medical equipment is being readily installed, many healthcare organizations still stick to outdated software that is not even supported by the device. This creates a higher risk of data pilferage through cyber attacks.
People are rarely convinced that a lag in the IT security system can lead to disastrous consequences and can cripple an organization. Those yet to experience a cyberattack are less willing to pay heed to this.
They fail to realize that being proactive in maintaining a foolproof security system saves the organization's money and reputation. For big organizations, it is tough to underestimate the importance of cybersecurity, but the smaller groups have yet to be made aware of this fact.
Inadequate resources hindering proper cybersecurity implementation:
This is a hard reality that most small organizations and rural hospitals face. They do not have enough resources to counter cyberattacks, and their situation is no better than that of the bigger organizations. They may have upgraded to maintaining EHR but have not invested enough in IT security.
Interconnected healthcare system increasing the risk:
Cyber attacks do not necessarily enter through big doors. They can start in small organizations and gradually penetrate the larger ones. Naturally, the interconnectivity of the healthcare system is the cause. Needless to say, resource constraints are an issue for everybody. Cyber attacks are common in small medical offices, but since they are not given due importance, the entire cybersecurity issue fails to gain due attention.
Medical data is more valuable:
Medical data is even more valuable than credit cards. The entire details of a patient, including their social security number as well as their medical history, are recorded in the databank and remain there for years. These can be used in a number of fraudulent practices. More importantly, a theft of medical data takes years to be discovered, and by that time many may fall prey to the malicious intentions of the attacker.
Increased handling of medical data by the patients:
Patients are getting better access to their medical records through online portals set up by healthcare organizations. Very few patients are aware that this data should be monitored as watchfully as bank records. This negligent attitude among patients is making things difficult. The greater the number of such online log-ins by patients, the greater the surface area for cyber attacks.
Lack of accountability:
Nobody can be held responsible in the event of a cybersecurity incident, since there is no defined person or team managing cybersecurity. A few big organizations have managed to employ designated professionals, but in medium and smaller organizations there is hardly any IT professional to monitor IT security all the time.
Need for intelligent cyber incident response platforms:
Recently, the US Department of Health and Human Services (HHS) announced the launch of a dedicated cybersecurity center, the Health Cybersecurity and Communications Integration Center (HCCIC). This would greatly reduce vulnerability through better information sharing and implementation of best practices. Such programmatic information-sharing platforms with built-in intelligence would help to mitigate the risks of cyber-attacks to a great extent.