The Urgent Need for Effective Cybersecurity in Healthcare

In today’s digitized world, the healthcare sector has witnessed an unprecedented transformation, with electronic health records (EHRs), telemedicine, and IoT medical devices becoming integral parts of healthcare delivery. While these advancements bring numerous benefits, they also open new attack vectors for cybercriminals. With increasing reliance on interconnected systems and the proliferation of valuable patient data, cyber threats are expected to persist and evolve. In the first three quarters of 2023 alone, there have been 480 reported data breaches across the healthcare sector. Medical institutions have fallen victim to cybercrime, securing their spot on the list of top sectors affected by the evolving threat landscape.

Attacks in the healthcare sector account for 70% of all large-scale data security incidents. In 2023, over 40 million people have been impacted by healthcare data breaches. Hacking and IT incidents have been reported to be the leading cause of these attacks, making up 78% of breaches in the healthcare sector. These incidents can occur due to minimal access controls, compromised credentials, or vulnerabilities in the network that hackers use to gain access. The interconnectedness of medical IoT devices, lack of professional training, and increased reliance on the cloud make healthcare institutions a target. Linux continues to serve as a foundational element in a variety of healthcare devices, including patient monitoring, medical imaging, IoT gateways, and telehealth applications. For these reasons, it is important to protect our critical infrastructure and prioritize Linux security in the healthcare sector.


Why the healthcare sector?

The susceptibility of the healthcare sector to cybercrime can be attributed to the sensitive nature of the data it holds. The vastness of its network, restrictions in its data protection systems, and the pressures of strict regulatory standards add to this susceptibility. The financial incentives for cybercriminals in healthcare are substantial. Personal health information (PHI) and medical records fetch high prices on the dark web. Hospitals keep a database full of PHI: social security numbers, contact information, payment card data, and sensitive health and insurance information of their patients. These records can be used for various malicious activities such as insurance fraud, identity theft, extortion, and creating convincing phishing emails. Medical entities also house important research data for treatments, vaccines, and drugs that could be valuable to attackers looking to gain a competitive edge or steal intellectual property.

The network of healthcare institutions is vast and underprotected. In addition to countless IoT devices, patients are able to access their medical files from their personal devices. The COVID-19 pandemic made healthcare more easily accessible through telemedicine. Unfortunately, this has made data more accessible to cybercriminals as well, with 73% of healthcare companies storing data in the cloud and 61% of healthcare respondents reporting an attack on their cloud infrastructure. A report by Cynerio states that over half of connected devices in a typical hospital have critical risks present. The most vulnerable devices are IV pumps, which make up 38% of a hospital’s IoT footprint, and a majority of IV pumps have vulnerabilities that could threaten patient safety if exploited. Exacerbating the problem, more than 50% of devices in oncology, pharmacology, and laboratory departments run on old versions of systems that are no longer being updated, making them incredibly vulnerable to attacks. Considering these vulnerabilities, it is noteworthy that 43% of IoT developers select Linux as their preferred operating system. These figures highlight the importance of comprehensive Linux security within the healthcare sector.

Adding to the complexity of the issue, healthcare organizations often lack the robust cybersecurity measures and incident response capabilities required to fend off sophisticated attacks. A survey reported that 53% of healthcare respondents did not list digital health as an organizational priority. Further, the portion of the healthcare industry’s IT budget dedicated to cybersecurity is often 6% or less. Healthcare employees often do not receive sufficient cybersecurity education and training, adding to their vulnerability. On top of these concerns, the healthcare sector must also adhere to strict regulatory standards like HIPAA (Health Insurance Portability and Accountability Act), which includes requirements for securing data.

The devastating effects of cybercrime in the sector

The consequences of a successful attack are far-reaching. In addition to recovery costs and effects on productive care, the lives of innocent people hang in the balance.

IBM reports that the average cost of a studied breach in healthcare reached nearly $11 million in 2023, a 53% increase since 2020, making it the most expensive industry for the 13th year in a row. Research shows that 42% of healthcare organizations paid the ransom to recover data following a ransomware attack. Operational impacts per incident include an average of 19 days of downtime and 1,479 total days of disruption in affected healthcare facilities. Over half of incidents caused systems to go offline and 70% resulted in exposure of leaked data. These alarming numbers suggest that the costs of a successful attack in healthcare are much larger than what it takes to adequately protect it. However, even more devastating than monetary or operational effects is the impact these breaches have on proximal facilities and individual patient care.

When a healthcare facility becomes incapacitated by ransomware, patients seek medical attention from neighboring hospitals, which strains these facilities and compromises the quality of care available to those requiring treatment. A 2023 study observed that emergency rooms near a hospital suffering a ransomware attack experienced a substantial increase in ambulance arrivals, a surge in patient volumes beyond usual capacity, and extended waiting times for all individuals seeking medical attention. The incidence of patients leaving the facility without receiving medical care rose by 127%. News of a significant breach in medical facilities also makes patients less inclined to trust them, impacting organizations directly.  

The most concerning effect of ransomware in healthcare is the possibility of impacting individual patient care. Research by the federal Cybersecurity and Infrastructure Security Agency found that hospitals hit with ransomware tended to experience more strain, which often correlates with higher patient mortality rates. While we don’t commonly associate cyberattacks with life or death, in the healthcare industry that is constantly what hangs in the balance.

Last year, a woman took her 3-year-old son to the hospital after surgery, and he overdosed on pain medication due to the attack-related malfunction of a computer system that automatically calculated medicine doses. Luckily, he made a full recovery. The same cannot be said for an infant delivered during a ransomware attack in Alabama. Key systems that would have informed doctors of complications during surgery were down; those complications ultimately led to the infant’s brain damage and death several months later.

What can be done

These heartbreaking examples show the dire need for immediate, effective cybersecurity in the healthcare sector. The private data healthcare organizations hold, their IT vulnerability, and the catastrophic effect of cyberattacks on individual patient care establish cybersecurity as an area of much-needed attention. While the challenges are substantial, healthcare organizations can significantly reduce their risk by investing in strong cybersecurity measures, implementing a best-of-breed approach to their cybersecurity practices to ensure maximal protection on all operating systems, and fostering a culture of security awareness among staff and patients leveraging telehealth. Only by taking proactive measures can the healthcare sector safeguard the well-being of patients and protect the integrity of medical information in our increasingly digitized world.