Rating Your Hospital’s (Cyber) Health

It’s 2017. Do You Know Where Your Medical Records Are?

The last thing on your mind when you or a loved one is in the hospital is cybersecurity. The security of medical records is something patients take for granted. In 2016, some 93 cyberattacks hit healthcare organizations. That worrying trend has continued into 2017, as hospitals and research labs have continued to be on the receiving end of numerous hacks, including the global ransomware attack known as WannaCry. A wealth of valuable information combined with insufficient protection mechanisms makes the medical industry a prime target for attackers.

Experts warn that securing patient records is just the beginning of the challenge for IT and security teams. Think about Internet-enabled devices that collect information about the human body in real time. It’s not science fiction: the medical industry has already embraced Internet of Things (IoT) devices, from wireless heart rate and blood pressure monitors, to wearable emergency alert systems. In fact, 90% of healthcare IT networks have IoT devices connected to them. When it comes to the healthcare of the future, today’s advances are just the beginning. Someday soon, we all might have computers inside our bodies.

IoT: A New Threat

Healthcare-related IoT devices are becoming more commonplace, as well as increasingly integrated into patients’ lives. That makes a recent survey of healthcare IT decision-makers particularly sobering. In the survey, conducted by ZingBox, an IoT security solution provider, respondents were asked about their ability to counter threats targeting Internet-connected medical devices. In light of recent cyberattacks directed at their industry, their responses were surprising.

According to the ZingBox data, more than 70% of IT decision-makers believe that the traditional security solutions used to secure laptops and servers are sufficient to secure IoT-connected medical devices. Additionally, the survey found that 75% of respondents in healthcare organizations report being “confident” or “very confident” that all the devices on their network are sufficiently protected.

Unfortunately, these findings suggest an industry-wide attitude that is naïve at best and dangerous at worst. Inside cybersecurity circles, IoT devices have long been a grave concern, primarily because they prioritize convenience over security. Many devices are difficult to patch or update, or are equipped with only the most basic software.

Additionally, many devices are configured to share data first and ask questions later, meaning that sensitive information could be circulating across insecure networks. Most importantly, these devices are so seamlessly integrated into our lives that we forget they’re even there – creating an often-overlooked security vulnerability.

Action, Not Complacency

IoT devices make the healthcare security landscape more complex, and industry decision-makers must be prepared to devote the resources necessary to plan for the inevitable and counter evolving challenges. These decisions don’t all rest with the IT department. Cybersecurity in the healthcare industry – and all others – starts at the top.

Hospital leadership can prepare and manage risks by viewing cybersecurity risk as an enterprise risk. If you want to learn more about how to build and execute a risk management strategy that considers all types of cyber threats, including those posed by the Internet of Things, contact us to schedule a Cyber Resolve training session in your boardroom or C-suite.