Why Healthcare Organizations are Major Cyberattack Targets

Healthcare is seen as especially vulnerable; however, organizations can take action to build out their cyber defenses.

By Jeff Wardon, Jr., Assistant Editor


Cybercriminals have become bolder in their operations. If the initial attack fails, a backup attack is likely to follow. Healthcare facilities need to be diligent with their defenses.  

The deceptive practices cybercriminals use bear parallels to those used in espionage, says Eric O’Neill, former counterterrorism and counterintelligence operative for the FBI.  

“In fact, cyber criminals are not only learning from, but they are emulating the best in the business: spies,” says O’Neill. “So, you not only have to worry about foreign threat actors, but you also have to worry about cybercriminal gangs that are sophisticated, well-funded and making trillions of dollars in ransomware. They are leveraging the same sort of deceptive attacks that come from espionage.” 

A lot of this is social engineering, says O’Neill, as the attackers are striking at an individual to use them as a gateway into data centers and accessing critical data for the healthcare industry. To make matters worse, healthcare is seen as an “incredibly vulnerable” industry for cybercrime.  

Healthcare’s major vulnerability 

It’s no secret, healthcare organizations are a major target for cybercriminals and their schemes. With nearly daily reports of cyberattacks on healthcare organizations, both big and small, one begins to wonder why they seem to have bullseyes on their backs.  

O’Neill says that this is because healthcare is perceived as not having robust cybersecurity protection, making them a prime target for attack. Complicating things is the perception that healthcare organizations are more likely to pay out on a ransomware attack. 

“They are perceived as generally paying because patient care suffers when systems go down,” says O’Neill. “Cyber attackers also know that the healthcare industry maintains very critical data that can cause massive reputation-related harm and severe downstream damage in identity theft. Because of this, they're perceived as being more likely to pay to get their data back or for the cybercriminal to destroy the data and not publish it on the dark web.” 

Also, if a cyberattack is successful, it can cause down time for healthcare facilities, meaning facility operations and patient care are both negatively impacted. In turn, that can lead to loss of revenue and a bruised reputation, among other things.  

However, there are steps healthcare organizations can take to address their cyber vulnerabilities. 

Building out cybersecurity 

To build protection, healthcare organizations must look at their data, identify the most critical data they have and then build their cybersecurity around that by investing in robust cybersecurity tools, tactics and procedures, says O’Neill 

Organizations need cybersecurity training and technology that allows them not just build defenses, but also hunt down potential threats. O’Neill explains that an organization can’t just say they have a firewall built around their data to prevent anyone from getting in.  

“They will get in,” says O’Neill. “Cybersecurity also must be a spy hunter for you. It needs to hunt down that threat that is trying to compromise your data and prevent it from exfiltrating that data.”  

Lastly, cybersecurity isn’t a “set and forget” solution. There not only has to be a plan ahead of time and consistent training, there also has to be a constant assessment of cybersecurity, O’Neill says. Every time something changes in an organization’s data, whether it be mergers, acquisitions or a new partner, the healthcare organization must reassess and recalibrate to ensure that a hole hasn’t opened up in their data. 

“Cybersecurity is not just technology that is purchased and installed, but it's understanding where the data is, who has access to the data and then building defenses around that data to make sure that people who aren’t authorized don’t have access,” says O’Neill. “Those protections must be built after there is a plan to protect the data, not just going to a cybersecurity company to install software on everyone's computers and thinking that a solution will just magically happen.” 

Jeff Wardon, Jr., is the assistant editor for the facilities market.



September 26, 2024


Topic Area: Information Technology , Security


Recent Posts

What Are 'Hospi-tels'?

Hospitals and hotels are partnering to better cater to patients and families.


Jefferson Health Faces Lawsuit Over Third-Party Tracking on Websites

The lawsuit alleges that the health system allowed Facebook’s Meta Pixel to track patient activity on its websites.


Seneca Healthcare District Names Its New Community Hospital

The name was approved by the District Board during a meeting in November.


The Most Read Healthcare Facilities Today Articles of 2024

Healthcare Facilities Today continues to be a resource for the facilities industry.


Cybersecurity, Generative AI Among Top Risks for Healthcare Organizations in 2025

Ensuring compliance with a number of federal healthcare regulations was also identified as a concern by this recent study.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.