JESSIE HOPE | November 01, 2021
The rapid acceleration of digital adoption in healthcare has largely improved patient access amid the pandemic. In 2020 alone, over one billion consultations were predicted in lieu of physical physician visits. This prediction turned out to be accurate. Unfortunately, this wide-scale telehealth rollout has also created a virtual playground for cybercriminals looking to exploit the deluge of sensitive information online. In fact, since 2020, cyber-attacks on the healthcare industry have risen by 55%.
How the Coronavirus Paved the Way for Cybercrime
The events of 2020 created the perfect storm for cybercriminals. While reports from as early as 2017 stated that the American healthcare system was significantly vulnerable, very little was done to safeguard its policies and operations. Despite recommendations from the Federal Bureau of Investigation (FBI) and other agencies, studies show that only 4% to 7% of the average health institution’s IT budget was allocated for cybersecurity. This lackluster investment in improving online safety was further exacerbated by the COVID-19 pandemic. Due to massive shifts in the industry, cybersecurity’s already modest budget was stretched even further to make up for cash flow adjustments and the sudden adoption of telehealth services.
Today, with the Delta variant pressuring the U.S. healthcare industry, IT professionals have been tracking continued surges in cybercrime attacks. At the national level, the U.S. Department of Health and Human Services has reported noticeable activity spikes in its servers. Unnamed sources have attributed this to hackers trying to use the floods of traffic to slow online operations. Meanwhile, more regional attacks have come in the form of phishing or ransomware. In fact, over 70% of all malware attacks in 2020 were credited to ransomware. Ransomware not only compromises confidential patient information but also halts the hospital’s access to its digital systems. This causes significant complications in the execution of essential tasks, like non-emergency surgeries and emergency room (ER) operations. As of October 2020, the FBI and the Cybersecurity and Infrastructure Security Agency have released statements warning that they believe cybercrime will continue to become more dangerous and prolific as the pandemic surges.
How the Healthcare Sector Can Combat Cyber Threats
Among all industries, healthcare is the one that reports the biggest losses, the most breaches, the longest breach identification time, and the most prolonged breach recovery period. Given this, many health and cybersecurity stakeholders have already begun rolling out protective measures and suggestions. Again, at a national level, cybersecurity analysts suggest that HIPAA be updated. As a 25-year-old law, it has glaring gaps in the standards and safeguards it imposes on hospitals and third-party cyber service providers. This means that, at the moment, healthcare institutions and IT vendors have no vetted guidelines to aid them as they adjust to contemporary demands.
But, of course, the responsibility to better their cybersecurity also falls on the service users themselves. Aside from having IT team members who specialize in internal processes and improving user experience for patients, hospitals are also encouraged to onboard cybersecurity professionals. As a matter of fact, the forecast demand for these experts is expected to jump by 31% in the next decade, in accordance with the rise of cybercrime threats. Given this, and the current gap in cybersecurity talent, educational institutions are now offering online cybersecurity degrees. In line with the spread of telehealth adoption, these online degrees open up the field to a much wider array of potential talent. They also offer concentrations on mobile device hacking and forensics—both of which are timely skills in creating a defensive cybersecurity strategy.
Since cybercriminals are also targeting the data sent from patients, many security leaders suggest offering telehealth user training. In these short and digestible sessions, patients (and even non-IT hospital staff members) can be taught the basics of cybercrime safety. These include avoiding downloadable malware, using powerful passwords, and discerning which network connections are trustworthy. This effort can significantly reduce the chances of a breach since 95% of these vulnerabilities are caused by errors on the part of the service user.
All in all, the necessary changes to combat cybercrime are estimated to be worth over $125 billion by 2025. While it may be a costly process on the surface, it is a necessary—and long overdue—expenditure. Cybercriminals are getting more sophisticated daily, and by taking our time to scale up, we’ve let a hacking epidemic ride on the coattails of the COVID-19 pandemic.