The healthcare sector is a prime target for cybercriminals due to the sensitive patient data it holds. Oliver Norman, Regional Vice President for UK & Ireland at Veritas Technologies, discusses the most effective digital strategies to mitigate risks and ensure the resilience of healthcare services.
Cybercriminals are indiscriminate about who they target. They simply look for opportunities to cause the most disruption because this is when they are likely to make the most money. In recent years, there have been several high-profile incidents in which the healthcare sector has become an unfortunate victim.
The healthcare sector is especially exposed to cyber attackers for several reasons. One is the vast amounts of sensitive patient data that the industry produces and stores, including personal and medical records. The implications if this data is stolen or tampered with can be catastrophic, even fatal, so it’s unsurprising that it has become a big-ticket target.
Just take the cyberattack that happened in June, which impacted several London hospitals. It caused the postponement of over 1,000 planned operations and 3,000 outpatient appointments. Reminiscent of the notorious 2017 WannaCry attack, it serves as a reminder of the significance of data protection for healthcare institutions.
Investment in our healthcare system is expected to occupy the political agenda in the coming months, with the new Labour government promising to construct an NHS that is ‘fit for the future’.
Given that budget issues and talent shortages are widespread throughout the sector, it’s easy to see why implementing effective digital transformation and cybersecurity policies could fall off the priority list. But in today’s digital landscape, it simply cannot be disregarded.
The price of not protecting our healthcare system
Research released last year revealed that three in four (76%) healthcare organisations around the world have experienced a successful ransomware attack, and two-thirds (65%) have experienced data loss from other types of attacks. Almost half (43%) of those organisations consider data security their primary risk. This comes ahead of economic uncertainty (39%) and the adoption of emerging technologies like AI (32%).
A cyberattack has the potential to destroy any business. When it comes to the healthcare industry, especially the UK’s National Health Service (NHS), which services a large portion of the population, an attack feels more personal. Its impact is widespread and unavoidable. At a base level, cyberattacks can disrupt medical services and cripple hospital operations. This is because, when systems are down, essential patient information is inaccessible. This can delay medical procedures and compromise patient care. It can also increase the risk of medical errors and negatively impact treatment outcomes.
Beyond this, cyberattacks frequently result in hefty financial costs. Sometimes this is in the form of immediate ransomware payments; however, any prolonged downtime and recovery following an attack could also have an impact. In the healthcare space, it can be even more tempting to pay off the attackers, due to the sensitivity of the information they manage to get hold of.
Another implication, which isn’t always considered, is the impact a cyberattack will have in terms of patient trust. A cyberattack in which malicious actors manage to access sensitive data can lead to a loss of confidence in an organisation’s ability to safeguard data and can seriously damage its long-term reputation.
Warding off the attackers
In today’s digital age, the question is not if a healthcare organisation will face a cyberattack, but when. With that in mind, those in the sector must be ready to mitigate the effects and recover quickly.
One way an organisation can do so is through implementing a data backup and recovery plan. Such plans are essential to safeguard patient data and ensure business continuity. Backup processes should capture all critical data and be executed at regular intervals. Coupled with a swift recovery process, data backup and recovery help minimise downtime and ensure business continuity when data is lost due to malicious activities.
Similarly, healthcare leaders should invest in cyber awareness training. Developing and implementing an ongoing cyber awareness programme to educate the entire organisation on the latest cyber threats and the policies to avoid them is more important than ever. Any programme should be continually updated to reflect emerging threats and remain a critical line of defence in identifying and thwarting potential cybercrimes.
Of course, advanced security technologies like firewalls, anti-malware tools, and intrusion detection systems that use AI and machine learning for predictive threat analysis and response can help to bolster protection. However, an equally important part of any strategy is to regularly stress test and break systems to identify where the weak points are. Often organisations – especially within the public sector – implement security strategies and then wait until an incident occurs to see whether their framework is effective. With the regularity of attacks in the current landscape, this approach cannot adequately anticipate the scale at which breaches are attempted.
The efficient use of data is essential in the delivery of effective healthcare services. It is what makes it possible for medical professionals to diagnose patients, it is what ensures that patients are given the correct medication, and it is what helps in the development of new life-saving treatments and medical innovations.
Unfortunately, attackers know this, and they are not above using it to their advantage. Healthcare businesses will inevitably experience cyberattacks, but the loss of data is avoidable. Cybersecurity technologies and data protection plans can strengthen defences and enhance the healthcare sector’s capacity to react quickly to new threats.