Cybersecurity in Healthcare: The Impending Threat


In collating and storing huge volumes of data on digital platforms, organizations place themselves at enormous risk of losing valuable information to cybercriminals. Estimated annual losses attributed to cyberattacks committed globally amount to over USD 100 billion. The year 2017 witnessed several cyberattacks; notable examples include the WannaCry and NotPetya ransomware attacks, the Equifax data breach, the MongoDB databases leak, the Elasticsearch server hack, the Cloudbleed security bug, the Zomato hack, the HBO hack / Game of Thrones leaks, the Uber data breach, and the Ethereum hack. In fact, given the gravity of the situation, cybercriminal activity today threatens more than just the privacy of individuals. Recent occurrences have demonstrated the potential of capable hackers to steal confidential data from large multinational organizations and even cripple the established economies of the most secure nations.

Over the last several years, the healthcare industry has been amongst the prime targets for hackers across the globe. In fact, this gigantic industry accounts for almost 25% of the total number of data breaches worldwide. The Ponemon Institute’s Fifth Annual Study reported that cyberattacks in healthcare have increased by 125% since 2010. Further, according to a report published in May 2016, it was estimated that, with each electronic health record (EHR) costing around USD 355 on the black market, healthcare data breaches have resulted in losses worth USD 6.2 billion per year to the US healthcare industry. Examples of healthcare organizations that have been victims of cyberattacks / security breach incidents in the recent past include Abbott / St. Jude Medical, Anthem BlueCross BlueShield, Bayer, Bupa Global Health Insurance, Bronx Lebanon Hospital Center, HealthNow Networks, Johnson & Johnson, Med Center Health, Merck, National Health System (NHS), Pacific Alliance Medical Center, Patient Home Monitoring, and Smiths Medical.

In the healthcare sector specifically, most of the larger corporate entities already appreciate the enormity of the situation and have taken the necessary steps to counter online terrorism. However, a significant fraction of the smaller organizations in this domain do not yet consider themselves viable targets for cybercriminals, which positions them as easy prey for unethical hacking.

Despite numerous threat assessments and campaigns focused on raising awareness of cybercrime, capital spending on cybersecurity in the healthcare industry is far lower than in some other high-value industries. In addition, the scarcity of skilled cybersecurity professionals capable of catering to the complex regulatory demands of the healthcare industry makes the successful implementation of cybersecurity policies across this field even more difficult. Moreover, the next generation of hackers has already shifted to using more sophisticated means, and artificial intelligence may soon become a potent weapon against the civilized world in the hands of the cybercrime syndicate. It is therefore critical to establish a defined framework for monitoring security, and for improving and consistently updating cybersecurity programs and strategies.