THREATS TO HEALTHCARE SECURITY & SAFETY
Intelligence from the experts at Paladin Risk Solutions.
The week of October 10-16 is Healthcare Security and Safety Week, intended to celebrate healthcare security professionals and bring attention to the threats the industry faces. Beyond the physical threats associated with high-risk services and high-risk individuals, the healthcare industry’s biggest threat is undoubtedly cyber-attacks. In 2021 in the US, over 600 cyber-attacks against healthcare targets compromised over 40 million patient records, a 44% increase in cyber-attacks from the previous year. These attacks cost healthcare corporations an average of USD $9.23 million per instance. Notably, over 60% of these cyber-attacks could be traced back to third-party vendors and applications.
The primary reason healthcare has been a preferred target for cyber-attacks can be narrowed down to access points. The healthcare industry requires many applications and devices to work in tandem to provide effective service at all levels of the industry, and this means many vectors for hackers to gain access to healthcare networks. The often-cited statistic that the average hospital bed in the US has 10 to 15 internet-connected devices that can collect data highlights the increased attack surface and threat posed to the healthcare industry. More telling is the varied nature of cyber risks associated with healthcare. The industry is plagued by malware, DDoS attacks, insider threats, phishing attacks, mobile app vulnerabilities, and cloud vulnerabilities. The diversity of applications and devices used by the healthcare industry exponentially increases the surface area for attackers, as demonstrated by the variety of attacks that plague the industry.
Canada’s healthcare sector is just as vulnerable as that of the United States. On October 30, 2021, Newfoundland healthcare providers were victims of the "worst cyber-attack in Canadian history". Critical infrastructure and IT systems were targeted by ransomware attacks, resulting in over 200,000 files being taken from the network. The ongoing investigation highlighted that the true extent of the breach had not been fully determined, but stolen data included patient information, medical diagnoses, medical history, SIN numbers, and employee information.
The healthcare industry represents a prime target for cybercriminals and has been increasingly targeted by a variety of cyber-attacks.
The wide variety of devices, applications, and third-party vendors required to provide healthcare service means that a collaborative approach to healthcare security and safety is increasingly important. Collaboration to common security standards amongst providers, third-party vendors, and outside security companies is the only way to address the surface area presented to cybercriminals effectively.
INTELLIGENCE: For more information and analysis specific to your organizational needs and for insight into how potential disruption may affect you, please contact Paladin Risk Solutions directly.
THREAT MANAGEMENT: For more on how Paladin can partner with your organization to prepare for, respond to, and recover from threats and cyber-attacks, read more about our solutions for mitigating risk: https://paladinrisksolutions.com/solutions/