17 May Cybercriminals have set their sights on healthcare
Cybersecurity special report: Ransomware will get worse, hackers targeting whales, medical devices and IoT trigger new vulnerabilities
When it comes to digital security, healthcare provider organizations have the wrong mission and are using outdated approaches, generally failing at securing their organizations from today’s increasingly sophisticated cybercriminals.
That’s according to “Hacking Hospitals,” a two-year study by Independent Security Evaluators of 12 healthcare facilities, two healthcare data facilities, two healthcare technology platforms and two medical devices.
The study concluded healthcare has two major problems when it comes to digital security: a near-exclusive focus on defending patient records, and measures that target unsophisticated adversaries and blanket attacks.
“One of the biggest things we took away from our Anonymous attack was that in the past, I had always thought about cybersecurity related to health IT as safeguarding data ― but our experience made us understand it is more than that,” said Daniel Nigrin, MD, CIO at Boston Children’s Hospital, which was attacked by the hacker group Anonymous in 2014. “These cyberattacks can be disruptive to the routine daily operations of a hospital. One can argue these kinds of attacks are even more significant than the breach of data because at the end of the day we are taking care of patients who are sick, and that has to be Priority No. 1.”