Healthcare cyber security series
Cyber-criminals continue to target industries where the financial rewards are huge, one of the most prominent being health and human services in the UK. The healthcare industry is particularly vulnerable due to a potentially:
This situation leaves healthcare institutions exposed to the risk of cyber threats and compromised patient care.
Healthcare leaders and pharmaceutical companies are now seeing the real value of cybersecurity solutions, and are utilising emerging technologies to combat potential cyber threats.[1]
With the expansion of the remote workforce, detecting and preventing social engineering scams has become more difficult. While the increase in distractions when working from home has been widely discussed, physical separation from the workplace also presents key challenges. Without a co-worker nearby to talk to, healthcare employees are less likely to do a 'sense check' of a suspicious email.[2]
Cyber-crime is more sophisticated than ever, and your employees are your first line of defence. To nurture a culture of regulatory compliance in your business, you need to conduct regular risk assessments. Additionally, training your staff on healthcare cybersecurity and patient safety will help reduce the risk of human error causing any cyber incidents.
Start with building awareness, ensuring your staff understand the security risks. This includes what suspicious activity looks like and how to protect patient records.
In 2024, the healthcare sector saw a 21% increase in cyber attacks on the year before, and a colossal 216% increase from 2022. The healthcare sector always seems to be a firm favourite with cyber criminals: NCC's ransomware database has consistently ranked healthcare services among the top five most targeted sectors across 2022, 2023 and 2024.[2]
The electronic data systems used by the healthcare sector have a great many users and many points of access. Those accessing highly sensitive data on these systems are most often nurses and doctors who work long shifts and may be sleep deprived, which makes healthcare systems particularly vulnerable to scammers looking to take advantage of employees. According to the NCC Group, only 40% of healthcare organisations provide cyber risk awareness training.[2]
Medical systems sometimes go without adequate data security updates for years. This makes hospitals and healthcare providers even more susceptible to evolving cyber threats and cyber attacks.
Sound familiar? If so, it’s time to put a plan in place to safeguard your sensitive information, intellectual property (IP), reputation – and money!
According to IBM's Cost of a Data Breach Report 2024, the global average cost of a cyber breach in healthcare is now $9.77 million. This is 67% higher than the global average of all other industries studied.[3]
Costs associated with remediation will usually account for the largest chunk of the total. Costs can be mitigated by:
Protecting your business from cyber-crime and data breaches doesn’t need to be expensive. A modest investment in training and process changes can be invaluable in facing your business's cybersecurity challenges. It can also help reduce the likelihood of falling victim to cyber attacks.
Make employees aware of these scams through security awareness campaigns and available cyber threat intelligence, particularly those in accounting, finance, HR and benefits. Provide periodic anti-fraud training that teaches all employees to detect and avoid phishing and social engineering scams.
Require confirmed identity of any person requesting a funds transfer, a change to banking information, or payment instructions. This also applies to requests for access to critical data such as tax and payroll information.
Multi-factor authentication (MFA) should be required for any remote access to your email system, your VPN, your ACH system and other sensitive applications. Many platforms now provide MFA at little or no cost.
Let your customers or clients know that you will not change banking instructions without authentication. They should treat any such request as possibly fraudulent.
Reducing email retention periods limits the amount of sensitive data held in email inboxes.
For example, adopt the Sender Policy Framework (SPF) email authentication standard, or deploy an advanced email threat protection product.
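To make the SPF recommendation concrete, here is an added example (not code from the original article or from any of its cited sources) showing how a receiving mail server evaluates an SPF record against the connecting sender's IP address, and a small audit helper a defender can use to spot records that would let anyone spoof the domain. It uses a constructed in-memory table of TXT records for hypothetical domains (`clinic.example`, `mail.example`, `weak.example`) in place of real DNS, so it runs offline; it supports only the `ip4`, `ip6`, `include` and `all` mechanisms of RFC 7208 and reports anything else as a permanent error.

```python
"""Minimal SPF (RFC 7208) evaluator for ip4 / ip6 / include / all.

Added example. The DNS table below is constructed sample data for
hypothetical domains; nothing here is real infrastructure.
"""
import ipaddress

# Constructed sample TXT records (hypothetical domains, not real data).
DNS_TXT = {
    "clinic.example": "v=spf1 ip4:203.0.113.0/24 include:mail.example -all",
    "mail.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "weak.example": "v=spf1 ip4:192.0.2.0/24 +all",
}

# Qualifier prefix -> SPF result when the mechanism matches.
RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, dns=DNS_TXT):
    """Return the domain's SPF record, or None if it has none."""
    record = dns.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return None
    return record


def check_host(ip, domain, dns=DNS_TXT, _depth=0):
    """Evaluate sender `ip` against `domain`'s SPF record.

    Returns (result, explanation). Mechanisms are tested left to right and
    the first match wins, exactly as a receiving MTA would do it.
    """
    if _depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror", "too many include lookups"
    record = lookup_spf(domain, dns)
    if record is None:
        return "none", f"no SPF record for {domain}"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the 'v=spf1' version tag
        qualifier = "+"  # an unqualified mechanism means 'pass'
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return RESULT_FOR_QUALIFIER[qualifier], f"{domain}: matched 'all'"
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror", f"bad network in {name}:{arg}"
            if addr.version == net.version and addr in net:
                return RESULT_FOR_QUALIFIER[qualifier], f"{domain}: matched {name}:{arg}"
        elif name == "include":
            sub, _ = check_host(ip, arg, dns, _depth + 1)
            if sub == "pass":
                return RESULT_FOR_QUALIFIER[qualifier], f"{domain}: include:{arg} passed"
            if sub in ("none", "permerror"):  # RFC 7208 section 5.2
                return "permerror", f"include:{arg} returned {sub}"
            # fail / softfail / neutral from the include: not a match, carry on
        else:
            return "permerror", f"unsupported mechanism or modifier: {term}"
    return "neutral", f"{domain}: no mechanism matched (implicit ?all)"


def audit_record(domain, dns=DNS_TXT):
    """Defender's check: list weaknesses that let arbitrary senders pass."""
    record = lookup_spf(domain, dns)
    if record is None:
        return ["no SPF record published"]
    terms = record.lower().split()[1:]
    warnings = []
    if "+all" in terms or "all" in terms or "?all" in terms:
        warnings.append("permissive 'all' qualifier: any sender passes or is neutral")
    if not any(t.endswith("all") or t.startswith("redirect=") for t in terms):
        warnings.append("no 'all' mechanism: unmatched senders default to neutral")
    return warnings


if __name__ == "__main__":
    for ip, dom in [("203.0.113.25", "clinic.example"),
                    ("198.51.100.10", "clinic.example"),
                    ("192.0.2.1", "clinic.example")]:
        print(ip, dom, check_host(ip, dom))
    for dom in DNS_TXT:
        print(dom, audit_record(dom) or "ok")
```

Running it shows the two checks a practitioner cares about: a message from an address outside every listed network is rejected by `-all` on `clinic.example` (a `fail`), and `weak.example` is flagged because its `+all` makes the record worthless against spoofing. A full implementation would also resolve `a`, `mx`, `exists` and `redirect=` via real DNS and pair SPF with DKIM and a DMARC policy so that a failing result is actually enforced.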
By implementing robust cybersecurity measures and regularly assessing your cybersecurity programs, healthcare organisations can better protect sensitive patient data. This approach also helps improve patient outcomes and maintain patient trust in an increasingly complex cyber landscape.
Sources
1. kpmg.com/cybersecurity-considerations-2024/report
2. nccgroup.com/healthcare-sector-at-high-risk-from-cyber-attacks-warn-experts
3. ibm.com/reports/data-breach