The state of healthcare cybersecurity should have us worried. It is a poorly kept secret that hospitals are extremely vulnerable to even rudimentary cyberattack.
The industry needs to start changing. Cyberattacks can devastate hospitals financially and seriously hurt patients. To solve this problem, we have to answer two questions.
The first question to ask is why healthcare cybersecurity (especially in hospitals) tends to be so poor. The second question we need to answer is how to fix those problems.
Healthcare Cybersecurity is Living in the Past
While the healthcare industry as a whole has a cybersecurity problem, it is really hospitals that are by far the worst offender when it comes to poor security.
It is difficult to properly convey just how poor cybersecurity tends to be in hospitals. 83% of hospitals run with outdated operating systems on important devices. Over 25% of hospitals are using either an unsupported version on Linux or Windows XP (or older).
If you're unfamiliar with cybersecurity, the above may not sound particularly distressing. If you are, then you understand the serious (and unnecessary) risk these hospitals are taking on.
What one needs to keep in mind is cybersecurity is essentially an arms race. Criminals figure out weaknesses in computer operating systems. Companies learn about the new ways criminals attack, and they upgrade their systems to counter.
An operating system is one of the single most important pieces of software a computer will have. It is basically how a computer works in the first place.
The problem with an outdated operating system is companies eventually stop updating them. They move on and release a newer (and usually much more secure) system.
However, this doesn't mean criminals suddenly stop learning the old system's weaknesses. They know many people won't update their computers. The older one's operating system, the easier a target you are for criminals.
It only becomes easier and easier for criminals to exploit an outdated system. They don't even need to be particularly tech-savvy; they only need to research the methods of attack other criminals have learned about and copy the methods.
How an Old Operating System Can Do Harm
The unfortunate reality of a vulnerable operating system is it can lead to a cascade of other problems. If someone can control an OS, they basically control the entire computer.
This fact makes up the core of most healthcare cybersecurity problems. Criminals can use what seem like small vulnerabilities to quickly gain large amounts of control.
While not a unique problem to outdated operating systems, they make this kind of attack much easier. From there, criminals can steal data or potentially even shut down vital systems.
This doesn't just open up hospitals to financial and legal problems. In many cases, a criminal could also use this power to hurt patients. If data is changed or medical machines altered, a patient could be put in great danger.
This also leads into another form of attack criminals often use in tandem with hacking outdated operating systems: ransomware.
Ransomware is software criminals use to hold a computer system hostage. Once downloaded, it will usually hijack important files and make them impossible to access. Then it will demand money be paid to the hacker.
This might sound likes science fiction but is a very real problem. A major chain of hospitals was recently hit with such an attack.
Numerous hospitals lost access to essentially all computer-based tools due to the attack. Luckily, nobody was killed but a larger hospital could easily have seen patients die due to the delays the attack caused.
As mentioned, a weak OS makes it much easier for criminals to get this software onto your computers. However, they also can target employees and try and trick them into downloading the software themselves.
So how do we improve cybersecurity in healthcare? You need strong IT. Unfortunately, many hospitals have anything but.
Hospitals are full of medical professionals but that expertise doesn't directly translate to security. It is often difficult for administrators to even know where to begin making the changes needed to keep things secure.
Hiring on a strong IT team, like the one ADVANTEX provides, fixes this problem. Our security experts can quickly identify vulnerabilities and help guard against cyberattack.
Whether you hire an IT team or not, there are some basic best practices every hospital can adopt to help improve security:
• Only use operating systems that are still receiving regular security updates
• Make sure data and key programs are only accessible by those who need access
• Prevent staff from downloading any programs without the proper authorization
• Back-up data in such a way that it will be safe even if your primary computers are compromised
Telling healthcare professionals they need to invest in IT is not a marketing gimmick. Cybercriminals are attracted to the industry because of its notoriously weak security. You either need to take the measures necessary to stay safe or hire someone who can help you do so.
Modernizing Your Healthcare Cybersecurity
Securing your computer systems isn't easy unless you have some technical expertise. Organizations must be very careful about trying to save costs doing the work themselves. Healthcare cybersecurity is not a place for cutting corners.
If you'd like to avoid the risk and better guarantee your security, we'd love to help. Contact ADVANTEX and our experts can start getting your organization prepared for even the most modern cyberattacks. Consultation is free so there's no risk to finding out how you and your patients could be made safer!