4 top threats to healthcare cybersecurity
Hackers, data breaches, phishing — healthcare cybersecurity is under constant attack. In fact, the U.S. Department of Health and Human Services (HHS) reports that cyberattacks in healthcare have risen at an alarming rate since the decade began.
Cyberattacks not only damage an organization’s reputation and relationships, they can also result in penalties as large as $1.5 million annually. Hackers aren’t just stealing information — they’re holding it for ransom. When critical medical records are no longer accessible because they’re held for ransom, patient health suffers. Healthcare’s focus on patient health is part of what encourages ransomware attacks — hackers bet that they will pay. In this article, we look at four more factors contributing to the rise in threats to healthcare cybersecurity.
Staffing
There are fewer healthcare staff than before the pandemic — 78,000 fewer in July 2022 compared to Feb. 2020. The U.S. Bureau of Labor Statistics reported “that more than 275,000 additional nurses are needed from 2020 to 2030. Employment opportunities for nurses are projected to grow at a faster rate (9%) than all other occupations from 2016 through 2026.
Those healthcare workers who struggled through the pandemic are experiencing fatigue and burnout, causing frustration and lack of vigilance — making organizations more susceptible to attack.
Healthcare organizations (HCOs) are turning to remote workers, telehealth, and other solutions to overcome staffing shortages and widen the hiring pool. That can come at a cost. Remote devices that aren't connected properly or equipped with the right capabilities can leak sensitive PHI. Hackers can quickly gain access to your network through a remote connection and deploy ransomware or steal valuable patient data, resulting in a breach and loss of business operations — threatening patient care.
Healthcare data draws a high dollar on the black market because it is rich in personal data and valuable to identity thieves giving access to credit card information, email addresses, Social Security numbers, employment data and health history.
By outsourcing services to established IT organizations, HCOs can enable secure remote work necessitated by shifting employee needs.
Paperwork
Paperwork can be a security risk. PHI can be compromised when paper forms are scanned, copied, printed, or faxed. Three ways to improve security and reduce the risk of cyberattacks in healthcare:
1. Implement electronic forms – Replace paper forms with electronic versions and sync them with electronic health records. Patients and staff will enjoy the availability and convenience of having the correct, secure form ready for a signature, even in a telehealth environment.
2. Automate workflows – Automated routing moves encrypted information seamlessly to only the appropriate team or individual in a HIPAA-compliant, secured environment. For employees working from home, ensure settings allow for secured off-site exception handling.
3. Employ patient and form barcodes – Guard PIP by employing barcodes for tracking, auditing, reporting and return mail handling. Barcode-driven workflows eliminate manual collation and the need for random compliance inspections.
Healthcare leaders are seeking partners that can help streamline operations from the front to the back of the office while offering secure transmission of PHI as it passes through each point. Why?
Managing multiple vendors spreads staff thin and creates complexities with processes, security, finances, and more. And digital interfaces for connecting different vendors’ electronic health record systems are often prohibitively expensive.
Part of the challenge is the proliferation of medical devices — some with legacy software systems that can no longer be updated. And those medical devices can be used as weapons. Application programming interfaces (APIs), the tools needed to exchange records and data, can be exploited to gain access to a network. It’s necessary to test APIs extensively to ensure security to allow the applications to continue talking to each other without leaking sensitive PHI.
Given the interconnected nature of the future with Internet of Medical Things devices, virtual care, robotics, and more, the current perimeter-based security model used by most healthcare organizations isn’t effective. To stay ahead of these trends, HCOs must make a fundamental shift to a Zero Trust model
- Users – People using your system, including staff, vendors, and contractors
- Assets – Where your information and data live
- Resources – Tools used to protect your information
Zero Trust relies on a multi-layered approach — with the core principle that nothing can be trusted. With the traditional perimeter gone, the “trust but verify” paradigm is also gone, replaced by verify-verify-verify.
Technologies often deployed in Zero Trust systems include:
- Multi-factor authentication
- Advanced endpoint protection
- Event isolation technologies
- Data encryption
- Identity management and protection
- Secured messaging
- Asset validation prior to connection
Zero Trust requires a cultural shift and company-wide commitment to security and clear communication to succeed. An experienced partner can assist in creating a culture of security and communicating with employees, partners, vendors, and more to assist HCOs in modernizing their systems to protect against the latest attacks.
What you can do to improve cybersecurity
To effectively stay current on the latest vulnerabilities, HCOs should continually review and update cybersecurity protocols and response plans. Implementing a risk assessment can have a significant impact on healthcare cybersecurity. Thoroughly review all aspects of data collection, storage, and use to improve and support tighter security measures across your organization — from business operations to output management and interoperability.
Include these key business systems as part of an internal review of cyber security preparedness:
- Business Process Optimization — Examine current processes and operations to identify security gaps while looking for ways to improve efficiency
- Asset Management — Monitor vulnerabilities by constantly scanning and reporting enterprise technology assets regardless of location and how those assets work together to support the organization
- Content Management — Evaluate how clinical and administrative data is captured and linked to internal systems to improve business and clinical processes in a way that can reduce exposure
- Device Management — Confirm the secure organization and flow of internal and external information between internal and external devices
- Forms Management — Review the capture, management, and flow of clinical and administrative information to guarantee that data is safely and securely handled, as well as to help reduce the chance of information mismanagement and human error
- Interoperability — Look at ways patient data is typically shared, from an unstructured, analog method to a digital, electronic transfer method
- Output Management — Monitor and audit enterprise printing to help address the need for confidentiality, misdirected or forgotten print jobs or unauthorized access
- Point of Service Scanning — Assess how capturing and directly linking clinical and administrative data to internal systems at the point of service can help reduce potential exposure
- Hardware — Gauge how well the organization uses hardware by examining steps such as user authentication at the printer, encryption to help safeguard documents, data, address books, passwords and more, automatically overwriting latent digital images and managing unstructured data
While a review of these systems may seem extensive, it's necessary to protect your network from the latest vulnerabilities. A trusted IT outsourcing company can identify vulnerabilities, help you establish safeguards, and free up time for you and your staff to focus on what matters most: patient care. Giving healthcare workers more time to focus on improving patient outcomes can deliver a meaningful morale boost and help retain talent — ever-important in this era of staffing shortages.
Outsourced IT services put expert industry knowledge on your side, improving security as well as ongoing system performance. This allows you to become more flexible, agile, and ultimately deliver greater patient experience and compete more successfully.
The threat landscape evolves fast, making it difficult for understaffed organizations to keep up with the latest healthcare cybersecurity trends. Whaling, vishing, pharming — there are more than 20 types of phishing alone, which is one of the most prevalent causes of attacks on healthcare cybersecurity. Training staff to look out for all the ways people can gain unauthorized access to a HCO system is a significant task requiring educated partners.
The internal actor has figured prominently in breaches.[5] The federal government should support HCOs in training workers, according to John Riggi, the national adviser for cybersecurity and risk at the American Hospital Association
- Suspicious URLs or domain names
- Emails requesting personal information, containing odd messaging or typos/grammatical issues
- Opening email attachments from unknown sources
- Using the same password for multiple sites
- Benefits of a secure password manager
- Risks of using public computers or unsecured wireless connections
News & Events
Keep up to date
- 17Apr
Ricoh-Toshiba Tec Joint Venture: Frequently Asked Questions
- 05Apr
Ricoh awarded tenth EcoVadis Gold Rating for sustainability performance
- 27Mar
Ricoh positioned by Gartner® in its 2024 Magic Quadrant™ for Outsourced Digital Workplace Services for fourth consecutive year
- 18Mar
Ricoh advances zero greenhouse gas emissions Scope 1 and 2 to 2040 and strengthens Scope 3 reduction measures