The long-lasting effects of the pandemic can still be seen today across many different industries. Multiple waves of infections are still currently happening in countries around the world, even though vaccination numbers are at their highest point. Healthcare services are still at their toes in battling the number of infections soaring day by day. Their infrastructure is not only seen as essential but as the most crucial asset among other industries. Availability is without question and has to be maintained during these trying times.
Other than the increasing number of COVID-19 cases, the number of cyber-attacks has also been increasing throughout the pandemic. Malicious adversaries are always keen to exploit the vulnerabilities among peoples and organizations during the height of the pandemic. The Healthcare sector is one of the most heavily affected sectors by cyberattacks, especially attacks such as ransomware attacks. Even before the pandemic, cases like WannaCry have also been targeting healthcare industries, with the UK NHS becoming one of its victims. In 2020, the healthcare sector placed itself in the top 5 industries hit by ransomware attacks.
According to the cybersecurity survey conducted by the HIMSS, it revealed that almost 70% of hospitals surveyed had experienced at least a significant security incident that resulted in major disruption of services. The percentage numbers are around 28% for phishing and ransomware attacks that resulted in the disruption of IT operations, 25% for data breaches, and lastly 20% resulting in financial losses. Disruptions of operations do not only mean interference of business operations but the health and safety of the patients are also exposed to danger, which may lead to much worse outcomes and even casualties due to disruption of treatment.
In terms of data breaches, it has been reported by IBM that healthcare industries stood for the 11th year in a row as the industry that has the highest cost of data loss, with the latest cost standing at around $9.23 million in 2021. In a single month, it is reported that there were at least 70 data breaches containing 50 or more records and this number has been steadily increasing since the start of the year. From August 2020 to July 2021, an average of 58.8 data breaches and around 3.70 million records per month.
The path forward
Moving onward, the best practice for healthcare industry organizations is a thorough implementation of cybersecurity measures along with sufficient investment of both capital and partnership in safeguarding the critical infrastructure. The partnership between the public and private sectors in the healthcare industry will be the fundamental factor in attaining cyber-resilience.
In regards to hygiene, not only the importance of personal hygiene but also the emphasis on cyber hygiene, which means regularly exercising the form of good habits around cybersecurity so that organizations can stay ahead of cyber threats and online security issues. Cyber hygiene is very much similar to personal hygiene where both are precautionary and regularly conducted in ensuring the health and well-being of a system.
Adapting to changes and cybersecurity challenges in the industries, healthcare organizations have to go through a complete and thorough shift in both operations and services, especially in handling critical information such as patient data or medical equipment that are dire to patients’ lives. Cybersecurity best practices should be kept in mind when handling those critical resources, as simple as implementing the CIA triad or also known as confidentiality, integrity, and availability.
Where to start?
Achieving cyber resilience is part of a big process that takes time and effort to fully implement. It requires full support from both the private and public sectors. Investment in cybersecurity may seem enormous at first, but compared to the cost of potential data breaches, it is definitely worth the value. Another thing to consider is the fact that malicious adversaries will continuously look for any attempt to attack such industries, which means the proper way to prevent future attacks is by hardening and educating ourselves against cyber attacks.
The initial step that should be taken would be assessing the current system for any existing vulnerabilities. The method in assessing these vulnerabilities will be in the form of penetration testing or pentest. Penetration testing will reveal any critical vulnerabilities on a system, which will then can be fixed as part of the hardening process of the system. Once the vulnerabilities are fixed, the next appropriate method is the implementation of security measures, which can be in the form of SOC as a monitoring platform, antivirus deployment as endpoint protection, or threat intelligence as an information platform on the threat or threat actors in cyberspace.
In conjunction with several methods of implementation that have been stated above, Protergo as a cybersecurity services provider strives to complement the growing concern and demand of cybersecurity in the industry, especially in terms of achieving cyber resilience. The set of services that Protergo is able to provide ranges from BLACK as penetration testing service, RADAR as threat-intelligence platform, SENTINEL as next-gen antivirus and endpoint protection, lastly X-FORCE as a monitoring platform in the form of next-gen SOC. These products will not only complement the current needs of cybersecurity but also help the industry adapt to the current and future threats.
Ultimately, every measure taken and implemented is part of a bigger process in achieving cyber resilience. Critical infrastructures and assets in the healthcare industry are the lifeline of patients all across the globe, where a single disruption has the ability to affect millions of lives. Thus, proper investment in cybersecurity is without a doubt the main priority to improving the healthcare industry’s resilience towards cyberattacks in the foreseeable future, especially keeping up with the change in both the environment and technology.
Illustration by: J. Lazaro on Unsplash