Magazine

FM College ~ News & Articles

Why Healthcare Organizations are Major Cyberattack Targets

Sep 25, 2024 | Public | 0 comments

Healthcare is seen as especially vulnerable; however, organizations can take action to build out their cyber defenses.

Cybercriminals have become bolder in their operations. If the initial attack fails, a backup attack is likely to follow. Healthcare facilities need to be diligent with their defenses.

The deceptive practices cybercriminals use bear parallels to those used in espionage, says Eric O’Neill, former counterterrorism and counterintelligence operative for the FBI.

“In fact, cyber criminals are not only learning from, but they are emulating the best in the business: spies,” says O’Neill. “So, you not only have to worry about foreign threat actors, but you also have to worry about cybercriminal gangs that are sophisticated, well-funded and making trillions of dollars in ransomware. They are leveraging the same sort of deceptive attacks that come from espionage.”

A lot of this is social engineering, says O’Neill, as the attackers are striking at an individual to use them as a gateway into data centers and accessing critical data for the healthcare industry. To make matters worse, healthcare is seen as an “incredibly vulnerable” industry for cybercrime.

Healthcare’s major vulnerability

It’s no secret, healthcare organizations are a major target for cybercriminals and their schemes. With nearly daily reports of cyberattacks on healthcare organizations, both big and small, one begins to wonder why they seem to have bullseyes on their backs.

O’Neill says that this is because healthcare is perceived as not having robust cybersecurity protection, making them a prime target for attack. Complicating things is the perception that healthcare organizations are more likely to pay out on a ransomware attack.

“They are perceived as generally paying because patient care suffers when systems go down,” says O’Neill. “Cyber attackers also know that the healthcare industry maintains very critical data that can cause massive reputation-related harm and severe downstream damage in identity theft. Because of this, they’re perceived as being more likely to pay to get their data back or for the cybercriminal to destroy the data and not publish it on the dark web.”

Also, if a cyberattack is successful, it can cause down time for healthcare facilities, meaning facility operations and patient care are both negatively impacted. In turn, that can lead to loss of revenue and a bruised reputation, among other things.

However, there are steps healthcare organizations can take to address their cyber vulnerabilities.

Building out cybersecurity

To build protection, healthcare organizations must look at their data, identify the most critical data they have and then build their cybersecurity around that by investing in robust cybersecurity tools, tactics and procedures, says O’Neill

Organizations need cybersecurity training and technology that allows them not just build defenses, but also hunt down potential threats. O’Neill explains that an organization can’t just say they have a firewall built around their data to prevent anyone from getting in.

“They will get in,” says O’Neill. “Cybersecurity also must be a spy hunter for you. It needs to hunt down that threat that is trying to compromise your data and prevent it from exfiltrating that data.”

Lastly, cybersecurity isn’t a “set and forget” solution. There not only has to be a plan ahead of time and consistent training, there also has to be a constant assessment of cybersecurity, O’Neill says. Every time something changes in an organization’s data, whether it be mergers, acquisitions or a new partner, the healthcare organization must reassess and recalibrate to ensure that a hole hasn’t opened up in their data.

“Cybersecurity is not just technology that is purchased and installed, but it’s understanding where the data is, who has access to the data and then building defenses around that data to make sure that people who aren’t authorized don’t have access,” says O’Neill. “Those protections must be built after there is a plan to protect the data, not just going to a cybersecurity company to install software on everyone’s computers and thinking that a solution will just magically happen.”

Jeff Wardon, Jr., is the assistant editor for the facilities market.

The post "Why Healthcare Organizations are Major Cyberattack Targets" appeared first on Healthcare Facilities Today

0 Comments

Submit a Comment

Are Scents a True Indicator of Cleanliness?

Editor’s note: FM Perspectives are industry op-eds. The views expressed are the authors’ and do not necessarily reflect...

The Impact of Lighting on Aesthetics and Atmosphere in Healthcare

Lighting manufacturers discuss how lighting affects the look and feel of healthcare facilities. While not usually talked...

IFMA publishes accessible guide for leveraging AI

The International Facility Management Association (IFMA) released a publication for understanding and leveraging AI in the...

Hidden dangers

Conor Logan, Technical Director, Colt International on the hidden dangers of neglecting smoke control system maintenance In...

How to Improve Facility Operations with Visual Management Strategies

Visual management enables businesses to communicate important information about processes and procedures. Where...