Cyber attacks on the healthcare sector are on the rise. The Health Sector Cybersecurity Coordination Center of the US Department of Health and Human Services recorded 82 ransomware incidents in the healthcare sector as early as the beginning of 2021, and many more followed. Almost 60 percent related to the US market. But after the US, European countries are targeted.
The effects were devastating. Large hospitals had an average downtime of 6.2 hours and costs of $21,500 per hour. Midsize hospitals averaged nearly 45,700 hours of downtime and the cost more than doubled at $XNUMX an hour, according to a study by Philips and CyberMDX.
Health data – the new gold
Cyber criminals know that universities and healthcare institutions manage, process and store large amounts of protected health information (PHI), personally identifiable information (PII) and intellectual property (IP). To ensure they are protected against intrusion, compromise, disruption and data exfiltration, IT security provider Lookout says hospital systems need to rethink the way they use cybersecurity.
Growing attack surfaces
University and government healthcare systems no longer have the luxury of managing limited network infrastructures where applications, data and devices reside within a well-defined perimeter. The rise of telemedicine, cloud computing, electronic health records, IoT devices and wearables has created new risks and privacy requirements.
Data is found in countless applications today, both on-premises and in the cloud. As healthcare providers and staff work from anywhere, and patients demand anytime, anywhere access, unmanaged devices and networks are used to process PHI, PII, and IP. In Lookout's experience, this has simultaneously opened up new avenues for attacks and severely reduced the effectiveness of perimeter-based security, since healthcare networks are no longer as transparent and controllable as they used to be.
Insufficient security tools
In order to meet the new data protection requirements, university and government healthcare institutions need cybersecurity that works regardless of the location of the data. This is especially necessary as employees work from anywhere with unmanaged devices and networks. Traditional security solutions are tied to boundaries where data and users no longer reside exclusively, and as such offer limited visibility into and control over cloud-centric activities.
Some companies have started implementing security solutions from the cloud, but these solutions are often deployed in isolation. Siloed solutions create security vulnerabilities and operational inefficiencies, as administrators must switch between different consoles to coordinate information and analyze results. Without a change in strategy, university and state healthcare systems will continue to face the consequences of ransomware attacks like these:
- In December 2021, a ransomware attack on the Maryland Department of Health crippled its systems and forced many of its services offline for at least three months.
- In August 2021, a ransomware attack prompted the Memorial Health System emergency room in Marietta, Ohio, to transfer patients to other facilities. The hospital chain was forced to shut down IT systems and cancel emergency surgeries as data from over 200,000 patients was affected.
- In October 2020, the University of Vermont (UVM) incurred costs of more than $63 million when a ransomware attack took its systems offline, including those at the UVM Medical Center.
A unified approach to data protection
To effectively protect sensitive and regulated data, Lookout believes university and government healthcare organizations need to move beyond perimeter-based tools.
One possible solution could be a security platform that eliminates the need for a patchwork of technologies by consolidating functions that have traditionally resided on-premises in the cloud. Such a platform offers end-to-end data protection and transparency – from user behavior to the endpoints they use to the data they want to access. With a unified solution, these institutions gain comprehensive and consistent visibility and control of their entire system in a single window.