Much has been made of the threat that healthcare facilities face from cybercriminals attempting to breach confidential patient data, but the industry is still dangerously vulnerable to certain types of attacks, according to new research.
The study, performed by security firm Independent Security Evaluators, shows that while defenses are strong against potential attacks from unsophisticated individual hackers, the threat of hacks from organizations such as organized crime syndicates or nation states is underestimated by healthcare cybersecurity teams.
Pointing to a massive industry emphasis on protecting patient records from blanket attacks, the authors of Securing Hospitals suggest that IT and building professionals should pay more attention to the strategies hackers would likely use to target patient health information or specific records. The report also highlights various shortcomings common to healthcare IT operations, noting lack of funding, inadequate staffing and training, weak remote access controls, lack of network awareness, and monitoring and use of legacy systems as areas that could be improved. To remedy the situation, the report recommends that healthcare facilities take steps such as boosting funding and training workers on cybersecurity best practices.