Ransomware Threats Catapult Security to Top of Healthcare Priority List

May 29, 2016

Healthcare’s recent rash of ransomware attacks has made it clear that healthcare wears a fresh cybercrime target on its back now that patient data is going digital.

The very real threat of being operationally crippled and unable to serve patients is a vulnerability unique to healthcare, and one that cybercriminals seem particularly attuned to. Cyber-attacks targeting healthcare facilities have climbed more than 20% each year for the last three years running.

To help address the spate of hospital data hostage situations, in March of 2016, the Department of Health and Human Services (HHS) appointed members to a new Health Care Industry Cybersecurity Task Force. Over the course of the next year (2016 – 2017), the group will assess security measures across multiple industries in an effort to identify best practices providers can use to help keep patient data and medical devices secure.

With Cybercrime-as-a-Service on the rise and HIT security threats mounting, providers aren’t waiting around on task force findings to tend to the serious business of safeguarding patient data.

Protecting Patient Data

Providers are re-focusing on core security principles as they work to build better barricades against potential ransomware attacks. Some of those security initiatives include:

  • Backups: Ensure that duplicate data is accessible and housed offline with restricted access.
  • Staff Awareness: Educate employees on email phishing campaigns and the risks associated with file downloads and outside links from unknown entities.
  • Prevention: This healthcare system admin checklist offers advice on email configurations and server specs to help system administrators hold malware at bay.
  • Risk Assessment: Look for endpoint vulnerabilities across your IT infrastructure to identify security threats before they’re compromised. Partner with experienced, security-savvy vendors.
  • Business Continuity Plan: Develop a response plan for the worst-case scenario that is routinely tested with simulated attacks. Wired magazine recently shared a “hostage manual” for healthcare organizations that are the unfortunate targets of successful ransomware attacks.
  • Peer Communication: Beyond staff education, sharing HIT security strategies, stories, scenarios, and advice with healthcare peers will help the industry more quickly adapt to emerging threats.

Several unique challenges stand to make the arduous task of healthcare tech security even more difficult, including limited IT security personnel resources and multiplying points of potential attack as things like IoT take off. As HIT security threats evolve, an open, collective dialogue on these issues will help the healthcare market transition away from its IT-laggard past.

Ransomware’s Silver Lining?

Ironically, the ransomware adversary that healthcare is currently battling just happens to be rooted in a tech framework that could hold significant promise for the complicated tasks of patient data integration and access.

While tech developments like Bitcoin make it easy for more cybercriminals to target healthcare under the safe guise of anonymity, those new digital security threats are the very thing leading providers to the bleeding edge of related tech developments like Blockchain. Developed in the same dark web realm that bore Bitcoin, Blockchain’s use in healthcare could revolutionize the way patient data is stored and disseminated.

Whether it’s in pursuit of staying ahead of the next cybersecurity threat, or identifying new, secure ways to share patient data, healthcare should have a keen interest in all things data security related for the foreseeable future.