Daunting realities in the healthcare industry, when it comes to Cyber Security



From a lack of understanding and awareness to budget-related challenges, the healthcare industry is sick when it comes to protecting infrastructure and information.
 
Medical records are being increasingly targeted by cybercriminals, and healthcare institutions were twice as likely to be targeted as other organizations.

The biggest threat, says KPMG, comes from external attackers at 65%, while malware tops the list of information security concerns.
Daunting realities include:
  • Valuable data. Data collected and stored by hospitals and other organisations, such as medical aid schemes, is up to ten times more valuable to cybercriminals than credit card information. Given the value of this data on the black market, cyber-attacks are becoming ever more sophisticated in their attempts to hack healthcare institutions.
  • Ageing infrastructure. Hospitals are melting pots of outdated infrastructure, old operating systems and state-of-the-art medical technology, all communicating over the same networks.
  • Complex networks. The fact that so many different people, devices and departments need to access a medical institution’s records forces it to adopt open networks. This makes the network difficult to secure and even more vulnerable to attack.
  • No budget. Security spending in the healthcare industry is lagging behind other industries’ spend.
  • Easy targets. Ransomware is one of the biggest methods used by cybercriminals to gain access to medical data. This involves ‘kidnapping’ the data and only releasing it once the hospital pays a ransom. Because medical organisations are generally dealing with crises, they need urgent access to their data and are more willing to pay the ransom to get back up and running as quickly as possible. Cybercriminals know this and are exploiting it.
  • Lack of understanding and awareness. There’s a lack of understanding of what’s going on when it comes to cyber security. There needs to be an increased understanding of how to defend against attacks like ransomware, coupled with a bigger focus on educating staff and users on how to spot phishing attacks.
