The state of healthcare cybersecurity should have us worried. It is a poorly kept secret that hospitals are extremely vulnerable to even rudimentary cyberattack.
The industry needs to start changing. Cyberattacks can devastate hospitals financially and seriously hurt patients. To solve this problem, we have to answer two questions.
The first question to ask is why healthcare cybersecurity (especially in hospitals) tends to be so poor. The second question we need to answer is how to fix those problems.
While the healthcare industry as a whole has a cybersecurity problem, it is really hospitals that are by far the worst offender when it comes to poor security.
It is difficult to properly convey just how poor cybersecurity tends to be in hospitals. 83% of hospitals
run with outdated operating systems on important devices. Over 25% of hospitals are using either an unsupported version on Linux or Windows XP (or older).
If you're unfamiliar with cybersecurity, the above may not sound particularly distressing. If you are, then you understand the serious (and unnecessary) risk these hospitals are taking on.
What one needs to keep in mind is cybersecurity is essentially an arms race. Criminals figure out weaknesses in computer operating systems. Companies learn about the new ways criminals attack, and they upgrade their systems to counter.
The unfortunate reality of a vulnerable operating system is it can lead to a cascade of other problems. If someone can control an OS, they basically control the entire computer.
This fact makes up the core of most healthcare cybersecurity problems. Criminals can use what seem like small vulnerabilities to quickly gain large amounts of control.
While not a unique problem to outdated operating systems, they make this kind of attack much easier. From there, criminals can steal data or potentially even shut down vital systems.
This doesn't just open up hospitals to financial and legal problems. In many cases, a criminal could also use this power to hurt patients. If data is changed or medical machines altered, a patient could be put in great danger.
This also leads into another form of attack criminals often use in tandem with hacking outdated operating systems: ransomware.
Ransomware is software
criminals use to hold a computer system hostage. Once downloaded, it will usually hijack important files and make them impossible to access. Then it will demand money be paid to the hacker.
This might sound likes science fiction but is a very real problem. A major chain of hospitals was recently hit with such an attack.
Numerous hospitals lost access to essentially all computer-based tools due to the attack. Luckily, nobody was killed but a larger hospital could easily have seen patients die due to the delays the attack caused.
As mentioned, a weak OS makes it much easier for criminals to get this software onto your computers. However, they also can target employees and try and trick them into downloading the software themselves.
So how do we improve cybersecurity in healthcare? You need strong IT
. Unfortunately, many hospitals have anything but.
Hospitals are full of medical professionals but that expertise doesn't directly translate to security. It is often difficult for administrators to even know where to begin making the changes needed to keep things secure.
Hiring on a strong IT team, like the one ADVANTEX provides, fixes this problem. Our security experts can quickly identify vulnerabilities and help guard against cyberattack.
Whether you hire an IT team or not, there are some basic best practices every hospital can adopt to help improve security:
Telling healthcare professionals they need to invest in IT is not a marketing gimmick. Cybercriminals are attracted to the industry because of its notoriously weak security. You either need to take the measures necessary to stay safe or hire someone who can help you do so.