As health systems and hospitals are under unprecedented stress from the COVID-19 pandemic, their IT departments also are facing critical skills and staffing shortages as they battle unrelenting cyberattacks.
Since the beginning of 2020, hundreds of hospitals in North America have experienced data breaches, ransomware and other cyberattacks. The Canadian healthcare system has not been spared. Cybercriminals are targeting healthcare service providers, hospitals and family health teams, trying to access patient and employee information and crippling other critical systems.
In 2021, 45 million individuals were affected by healthcare attacks, up from 34 million in 2020 in the US. That number has tripled in just three years, according to the report, which analyzes breach data reported to the U.S. Department of Health and Human Services (HHS) by healthcare organizations.
“Whether the attack vector is ransomware, credential harvesting or stealing devices, the healthcare industry is a prime target for attackers to monetize PHI and sell on the Dark Web or hold an entity ransom unable to deliver patient care,” said John Delano, healthcare cybersecurity strategist at Critical Insight and vice president at Christus Health, in a statement.
“As we continue into 2022, healthcare organizations need to be on guard not only of their cybersecurity posture but also of third-party vendors that have access to data and networks. We are seeing more awareness and proactive approaches to cybersecurity within this sector, but there is still a long way to go.”
Healthcare organizations need to establish a comprehensive risk management program and should classify their business employees by level of risk based on the type of data third parties are able to access, according to the report.
In a recent webinar on cybersecurity that was sponsored by Calian, an Ottawa-based company with a presence in both healthcare IT solutions and security conducted an online poll and of the140 online participants they found that only 13% were confident in their IT security. Moreover, 30% were worried, saying they needed to rethink their IT security strategy!
Other steps businesses should take are establishing procedures and processes to vet third parties before granting them access to data, emphasizing security in any business agreement with third parties and working with cybersecurity companies for managed intrusion detection and response services.
Drex DeFord, executive health care strategist with Crowdstrike, compares the cyber attacks to a stroke.
“Once the adversary breaks out of the first machine and makes a lateral move, containment of that cyber-event becomes way more complicated.”
He mentioned there is a “golden hour” for optimal treatment. “Our research shows that it takes about an hour-and-a-half for an adversary to break out of that first device and move laterally,” said DeFord. For this reason, monitoring systems that can detect intrusions and respond within an hour are crucial.
This is why it is crucial now more than ever that an IT department is there to help. Do you need help with making sure your data is safe and secure? Schedule a Complimentary Business Systems Assessment today with one of our experienced technicians!
Source:
.png?width=1080&name=GOOGLE%20REVIEW%20(1).png "GOOGLE REVIEW")