In Focus
Cybersecurity
How to avoid cyberattacks?
Much has been written about failures to maintain the security of data. Facilities both large and small have been crippled by ransomware.
Some incidents are the result of failures to meet basic security requirements or of a single staff member providing their user information in response to a phishing attempt. Other data breaches and system blocks are the result of newly designed malware. In addition to any monetary cost of paying the ransom, the consequences of these cyberattacks include increased risks in providing patient care, unavailability of critical materials and a loss of patient trust.
In July of 2024, the World Health Organization (WHO) published a report, "Examining the threat of cyber-attacks on health care during the COVID-19 pandemic" [1]. This report reviews the evolution of cyberattacks on healthcare and the increase in the number of attacks. The WHO is not immune to being used by cybercriminals and has posted a notice that the WHO will never ask for passwords.
In the July 2023 report, ENISA THREAT LANDSCAPE: HEALTH SECTOR July 2023, 215 incidents occurring between January 2021 and March 2023 were analyzed.
Of these, 208 were cyberattacks on the health sector. This report describes the threats to healthcare computing due to ransomware, threats against data, denial of service, malware, social engineering threats, supply chain attacks, errors, misconfigurations and poor security practices, misinformation/disinformation, and intrusion.
The 2023 HIMSS Healthcare Cyber Security Survey [2] provides a snapshot of the current state of cybersecurity in healthcare, with recommendations for a cybersecurity framework and performance goals. Artificial intelligence (AI) and quantum computing have great potential in improving healthcare. Along with those advances come additional risks and cybersecurity challenges. AI is installed in smartphones and equipment used in the healthcare setting as well as in everyday computing.
The U.S. Cybersecurity and Infrastructure Security Agency published a guide on reducing the risk and consequences of cyber-attacks in its October 2023 Mitigation Guide: Healthcare and Public Health (HPH) Sector [3]. This guide describes common vulnerabilities including web application vulnerabilities, encryption weaknesses, unsupported software, unsupported Windows operating systems (OS), known exploited vulnerabilities (KEVs), and vulnerable services. It recommends that organizations establish policies and procedures that set purchasing criteria for evaluating the security of software and devices, and that they develop partnerships with information technology suppliers and industry peers. It also recommends that when cloud systems are used, special attention be given to security practices.
As cybercriminals and hackers continue to update their methods of invading and disrupting healthcare services, we must continue our response to these threats by maintaining our policies, processes and procedures to safeguard our data. As a first step, review the information in the cited articles and continue assessing your cybersecurity status.
References
1. Saif F. Abed, Sophie Allain-loos and Nahoko Shindo. Examining the threat of cyber-attacks on health care during the COVID-19 pandemic. https://iris.who.int/bitstream/handle/10665/375831/WER9904-25-37.pdf?sequence=1&isAllowed=y (accessed 13 Nov 2024)
2. 2023 HIMSS Healthcare Cybersecurity survey. https://www.himss.org/sites/hde/files/media/file/2024/03/01/2023-himss-cybersecurity-survey-x.pdf (accessed 13 Nov 2024)
3. Cybersecurity and Infrastructure Security Agency. Mitigation Guide: Healthcare and Public Health (HPH) Sector, October 2023. https://www.cisa.gov/sites/default/files/2023-12/HPH-Sector-Mitigation-Guide-TLP-CLEAR._508c.pdf (accessed 13 Nov 2024)