A comprehensive report on healthcare industry security paints a bleak picture. eSentire, a Managed Detection and Response (MDR) service provider, found the healthcare industry susceptible to the “most basic opportunistic attacks.” The report outlines threat vulnerabilities and a hierarchy of attack and threat types. The company stresses the need for on-site and security professionals, customized strategic direction for action, and an industry mindset shift.
We’ve covered medical and healthcare cybersecurity in the past. In 2015 Symantec reported on the health app vulnerability. Last fall we wrote about research at Arizona State University into using heartbeat electrical signals to protect electronic health records (EHRs).
According to the eSentire report, the healthcare industry is a growing target for cyber-attacks in part because of decentralized data sharing and network-integrated medical equipment. Health system IT’s focus on business functions increases the cyberthreat vulnerability. eSentire also called out the weakness of web portals for data sharing between industry entities and patients. Medical devices exacerbate the problem by increasing system access points that are often unprotected.
Citing healthcare industry vulnerabilities as far back as 1999, the report stresses the threat of opportunistic attacks for various financial purposes including insurance and tax fraud, blackmail, phishing campaigns, and information for sale on the Dark Web. Targeted attacks to extort money from institutions via ransomware are another significant threat, especially for hospital and clinics. The report breaks down weak points in multiple specific systems with two case studies.
Multi-faceted upgraded technical changes, raising cybersecurity awareness of staff, and active engagement with domestic and foreign government and healthcare industry partners are all required to reduce the risks of widespread cyber attacks, according to the eSentire report.