The frequency of cyberattacks targeting hospitals and health
systems more than doubled from 2016 to 2021, exposing the protected
health information of nearly 42 million patients. The healthcare
industry is an attractive target for cybercriminals because it
provides a treasure trove of data, from patients' personally
identifiable information to an organization's proprietary trade
secrets. David Lee, The Identity
Jedi, Chief Evangelist, and Visionary for Tech Diversity, urges the
healthcare sector to reprioritize the importance of cybersecurity
measures to protect the welfare of its patients and its
industry.
MARIETTA, Ga., April 30,
2024 /PRNewswire-PRWeb/ -- Healthcare is among the
top seven targets of cyber thieves with its valuable cache of data
and wellspring of potential victims. Since 2010, the healthcare
industry has endured the highest data breach costs compared to
other sectors, with each breach costing over $10 million in 2023. (2) David Lee, The Identity Jedi and Chief
Evangelist and Visionary for Tech Diversity, observes, "Healthcare
is an outlier in cybersecurity because they're often playing
catch-up due to their reliance on closed-off technology that limits
integrations with external partners, leaving them more vulnerable
to cyber threats. The industry must venture outside its purview to
gain third-party insights on fixing their Identity and Access
Management (IAM) blind spots."
Healthcare records are worth up to 10 times more than stolen
credit cards on the dark web because they offer more than just
cash. The at-risk data includes patients' protected health
information (PHI), financial details like credit card and bank
account numbers, personally identifying information (PII) such as
Social Security numbers, and intellectual property linked to
medical research and innovation. (3) But that's not all. Fail-safe
cybersecurity has become a matter of life and death. Ransomware and
killware cyberattacks can pose lethal threats to hospitals and
critical infrastructure. Ransomware typically extorts money by
threatening the integrity of an organization's critical data.
Killware, on the other hand, encompasses cyberattacks that cause
physical harm, whether it's lethal or not. (4)
According to a Comparitech study, ransomware attacks on U.S.
healthcare facilities since 2016 have led to approximately
$77.5 billion in economic losses due
to downtime. Each attack lasts nearly 14 days on average; together,
the 539 incidents involved almost 10,000 facilities and affected over
52 million patient records. The study found that ransom demands varied from
$1,600 to $10
million. (5) The FBI has been sounding the cybersecurity
alarm regarding the vulnerabilities in popular medical devices like
insulin pumps, intracardiac defibrillators, and mobile cardiac
telemetry due to outdated software and inadequate security
features. Unscrupulous hackers can cause direct harm to patients by
hijacking these devices using WiFi, Bluetooth, and other remote
technology to alter readings or administer drug overdoses. (6)
The government has been taking steps to stem the tide of
cyberattacks. The Cybersecurity & Infrastructure Security
Agency (CISA) has developed a Zero Trust Maturity Model to
transition to a zero trust architecture. (7) "Trust but verify" is
the core principle of zero trust, where all components of a
cybersecurity supply chain are deemed untrustworthy and, therefore,
always vulnerable to internal and external threats.
Section 524B of The Consolidated
Appropriations Act, 2023 ("Omnibus"), Ensuring the Cybersecurity of
Devices, empowered the FDA to require medical device manufacturers
to include a Software Bill of Materials (SBOM) with each device.
(8) An SBOM is a structured list of the components, libraries,
and modules that make up a piece of software and its supply chain. (9) By
identifying software components and constantly monitoring the
supply chain for potential breaches, organizations can pinpoint
outdated or open-source software that may be susceptible to cyber
breaches.
The Health Insurance Portability and Accountability Act of 1996
(HIPAA) pioneered patient data protection. HIPAA is a federal law
that established national standards for protecting and disclosing
sensitive patient health information. (10) In 2023, the HIPAA
Journal emphasized the importance of identity and access management
in the healthcare industry. IAM involves implementing a range of
administrative, technological, and physical defenses to control
access to resources and data. It ensures access is granted
according to job roles, authority, and responsibilities,
facilitating appropriate access for authorized individuals while
preventing unauthorized entry. (11)
IAM consists of single sign-on systems, multifactor
authentication, and privileged access management. These
technologies also securely store identity and profile data and can
perform data governance functions. Lee explains, "As cyberattacks
increase, the healthcare industry responds with more integrated
systems, which creates a larger attack surface for cybercriminals,
with each additional connected system offering a new avenue for
attack. Healthcare has its own ecosystem, and it tends to
self-medicate when it comes to cybersecurity, at its own
peril."
A survey by the Healthcare Information Management and Systems
Society discovered that healthcare organizations spend a paltry 7%
of their budget on cybersecurity. Fifty-five percent of healthcare
IT professionals reported that their organization had experienced a
significant security breach in the last year, and 74% say hiring
qualified cybersecurity professionals is a considerable challenge.
(12)
The healthcare industry is more concerned with the health of
its patients, hiring the best staff, scientific research, and
discovering groundbreaking treatments that can save more lives.
Cybersecurity becomes a significantly lower priority.
It's critical for the healthcare industry to find effective and
affordable solutions to prevent a devastating attack on the
life-saving care they provide. Lee emphasizes, "Cybersecurity
technology like IAM, SBOMs, and zero-trust architecture, in and of
itself, is not a magical elixir. It requires people with the right
skills and expertise to implement it successfully. Healthcare needs
to expand its trust circle to include cybersecurity professionals
who can provide the urgent care the industry needs to protect
itself and the millions of lives it
serves."
About The Identity Jedi
David Lee transitioned from a
software engineering background to become a harbinger of change and
inclusivity in the tech world. With over two decades of experience,
he has left his mark on government agencies, Fortune 500 companies,
and numerous fields, specializing in identity and access
management. Recognizing that for technology to truly transform the
world, it must embrace diversity, David serves as an agent of
transformation, inspiring individuals to unlock their full
potential. His influential voice and actionable insights have
solidified his reputation as a respected figure in the
ever-evolving tech landscape. He is available for speaking
engagements. When he speaks, people listen. He is The Identity
Jedi. Visit https://www.iamdavidlee.com/.
References:
1. "Half of Ransomware Attacks Have Disrupted Healthcare Delivery,
JAMA Report Finds." Healthcare IT News, 10 Jan. 2023,
http://www.healthcareitnews.com/news/half-ransomware-attacks-have-disrupted-healthcare-delivery-jama-report-finds.
2. The 7 Industries Most Vulnerable to Cyberattacks | Ekran System,
ekransystem.com/en/blog/5-industries-most-risk-of-data-breaches.
Accessed 19 Apr. 2024.
3. "The Importance of Cybersecurity in Protecting Patient Safety:
Cybersecurity: Center: AHA." American Hospital Association,
aha.org/center/cybersecurity-and-risk-advisory-services/importance-cybersecurity-protecting-patient-safety#:~:text=Why%20health%20care%20gets%20hit,thieves%20and%20nation%2Dstate%20actors.
Accessed 19 Apr. 2024.
4. Flynn, Shannon. "Killware vs. Ransomware: What's the
Difference?" MUO, 6 Sept. 2023,
makeuseof.com/killware-vs-ransomware-difference/.
5. Olsen, Emily. "Ransomware Attacks on Healthcare Facilities Cost
$77.5B in Downtime, Report Finds." Healthcare Dive, 27 Oct. 2023,
healthcaredive.com/news/healthcare-ransomware-costs-comparitech-77-billion/698044/.
6. "FBI Warns of Vulnerabilities in Medical Devices Following
Several CISA Alerts." Cyber Security News | The Record, 12 Sept. 2022,
therecord.media/fbi-warns-of-vulnerabilities-in-medical-devices-following-several-cisa-alerts.
7. "Zero Trust Maturity Model: CISA." Cybersecurity and
Infrastructure Security Agency CISA,
cisa.gov/zero-trust-maturity-model. Accessed 19 Apr. 2024.
8. Center for Devices and Radiological Health. "Cybersecurity in
Medical Devices Frequently Asked Questions (FAQs)." U.S. Food and
Drug Administration, FDA,
fda.gov/medical-devices/digital-health-center-excellence/cybersecurity-medical-devices-frequently-asked-questions-faqs.
Accessed 19 Apr. 2024.
9. "What Is an SBOM?" Linux Foundation, The Linux Foundation,
13 Sept. 2022, linuxfoundation.org/blog/blog/what-is-an-sbom.
10. "Health Insurance Portability and Accountability Act of
1996 (HIPAA)." Centers for Disease Control and Prevention, Centers
for Disease Control and Prevention, 27 June 2022,
cdc.gov/phlp/publications/topic/hipaa.html.
11. Identity and Access Management (IAM) in Healthcare,
hipaajournal.com/identity-access-management-iam-healthcare/.
Accessed 19 Apr. 2024.
12. Southwick, Ron. "Healthcare Cybersecurity Budgets Are Rising,
but Workers Are Hard to Find." OncLive, OncLive, 2 Mar. 2024,
chiefhealthcareexecutive.com/view/healthcare-cybersecurity-budgets-are-rising-but-workers-are-hard-to-find.
Media Inquiries:
Karla Jo Helms
JOTO PR™
727-777-4619
jotopr.com
SOURCE The Identity Jedi