The Other Pandemic Plaguing Healthcare: Cybersecurity Breaches
December 17, 2020
COVID-19 isn’t threatening just the lives and livelihoods of our fellow citizens. It’s also wreaking havoc on the IT infrastructures of hospitals and other healthcare facilities around the globe. While healthcare executives are distracted with concerns over staffing, ICU bed shortages, PPE and viral transmission, hackers are working harder than ever to infiltrate security systems and gain access to patient and hospital data. Cybersecurity breaches in healthcare may be on the rise.
What’s worse is the vulnerability grows greater by the day. With the “fall wave” of the pandemic in full gear, hospitals and healthcare systems are overwhelmed, from physicians and nurses to administration and facilities personnel. Even IT isn’t spared from the chaos as they’re responsible for keeping staff enabled and digital infrastructures up and running during a time when system availability is essential. There likely isn’t enough time or resources to reinforce cybersecurity protocols or heighten the degree of vigilance. And the result can be disastrous. IBM Security states the average cost of a healthcare breach is $7.13 million. Even worse, such breaches often take months to detect making the sting even more devastating. Think about it… a seemingly innocent email gets through spam filters and email security applications and ends up in the inbox of an overworked hospital worker. They click on it and inadvertently activate an attack that ultimately brings down the whole network.
This isn’t a “what if” scenario. It’s already happening. Since March, hospitals have been vigorously targeted by organized cybercriminals intent to bring down these institutions with ransomware and other types of attacks. Just weeks after the World Health Organization declared COVID-19 a pandemic, they experienced a five-fold increase in cyberattacks directed at its staff and the general public. Such threats jeopardize everything from patient privacy to a hospital’s ability to care for patients… at a time when patient care is priority number one.
Make no mistake, cybercriminals aren’t launching these attacks merely to wreak havoc or cause headaches – there’s a strong financial incentive. Healthcare data is extremely valuable on the black market; one patient medical record can be worth up to $1,000, according to Experian. Combine the potential windfall with the easy target of a sector stretched thin from a pandemic, and it’s easy to understand why the frequency and impact of cyberattacks are increasing so dramatically.
Compounding the problem is the surge in telehealth adoption. Suddenly, there are millions more devices that hackers can count as targets or points of entry, many of which lack sufficient layers of protection – devices such as home systems, laptops and smart phones, to name a few. Of course, it doesn’t mean that healthcare systems shouldn’t employ a telehealth strategy, as it can be especially valuable in rural areas or with high-risk demographic groups that are uncomfortable venturing outside their homes for routine or follow-up medical appointments. It does mean, however, that IT organizations need to take the incremental measures required to ensure their networks and any endpoints they touch are secure.
What Action Does a Healthcare IT Organization Take to Prevent Cybersecurity Breaches?
So, what is an IT organization in the healthcare sector to do? One of the most immediate and cost-effective solutions is to partner with a managed IT services firm and outsource day-to-day application management responsibilities so internal staff can focus their time on initiatives or challenges that require their undivided attention. The right managed services firm – one with healthcare experience and, more importantly, a deep understanding and commitment to cybersecurity and protecting their clients’ environments – can go a long way in helping facilities rest comfortably knowing their networks and staff are safe.
Secure by Design
This is why NTT Managed Services built our solutions to be “secure by design.” We understand there is no situation where iron-clad cybersecurity isn’t necessary, especially in healthcare, and we’ve designed our services accordingly, which means our clients can have the confidence their IT deployments are secure, 24x7x365. More importantly, if there is an incident of some sort, we get the affected systems back up and running immediately to minimize the impact to our clients’ operations. That’s our priority.
Pandemic or not, cybercrime is not going away – but for as long as this pandemic does exist, healthcare facilities will remain a prime target. IT teams need to move quickly to make sure they have the right resources in place to help them combat the threat. Otherwise, the already-unthinkable impact of COVID-19 will go far beyond anything reported on the evening news.
Jaclyn Miller is the Chief Security and Privacy Officer, NTT Ltd. Managed Services