In the modern healthcare sector, the importance of securing patient data cannot be overstated. While healthcare professionals strive to keep sensitive information safe, they often lack the time and inclination to prioritize cybersecurity due to their life-saving responsibilities. According to Jonathan Whitley of WatchGuard Technologies, the healthcare industry's heavy reliance on technology, including the Internet of Things (IoT), has made patient data constantly vulnerable to cybersecurity threats. Therefore, there's a pressing need to strike a balance between providing quality patient care and maintaining robust cybersecurity practices.
Cyberattacks on healthcare organizations have been on the rise, with a staggering 94% increase in ransomware attacks from 2021 to 2022. Many of these victims end up paying ransoms to regain control of their systems. To address this growing threat, Whitley emphasizes the importance of raising awareness about security gaps, issues, and threats within the healthcare sector.
A recent survey conducted by Gartner Peer Insights and Watchguard sought to understand whether healthcare companies were taking the necessary steps to establish a strong password security culture and posture. Alarmingly, nearly half of the respondents reported experiencing a data breach in the past two years, highlighting the urgent need for improved cybersecurity.
The survey identified legacy technology and systems as a major vulnerability, along with talent gaps and outdated security measures. Phishing attacks and ransomware were the top concerns, with these attacks resulting in operational disruptions, lawsuits, loss of intellectual property, and patient data breaches. Credential protection methods like Multi-Factor Authentication (MFA) were not widely adopted, with only 24% of respondents implementing MFA authentication policies.
Healthcare providers, offering integrated health solutions in an increasingly connected environment, are more susceptible to attacks. Beyond firewalls, the vulnerability of cloud storage (61%) and the cyber risks associated with smart medical devices, intelligent tools, and wearables (26%) are significant concerns.
To protect patient data, a majority of respondents follow Protected Health Information (PHI) protocols (68%) and encrypt all patient data (64%). Some comply with HIPAA requirements (60%), and others follow privacy guidelines like GDPR (43%). However, only 24% employ risk-based authentication policies to control access to patient data.
Healthcare leaders also expressed concerns about web-connected medical devices, with cybersecurity attacks, data integrity, and high latency being the top worries.
To encourage employee adoption of security measures, healthcare IT professionals are implementing measures such as sending test phishing emails (68%), increasing IT security training (62%), adopting compliance policies (52%), and making corporate security certification mandatory for employees (49%).
In conclusion, the healthcare industry must reevaluate its approach to cybersecurity. The current patchwork approach is inefficient, overly complex, and outdated, leaving organizations vulnerable to cyber threats. Whitley suggests adopting a unified security platform architecture that simplifies and centralizes security practices while remaining comprehensive and automated. With the healthcare sector facing continuous security threats, it is imperative to prioritize cybersecurity to prevent further ransomware attacks on critical healthcare facilities.
Source: https://healthcare-digital.com/hospitals/watchguard-technologies-cybersecurity-in-healthcare