Latin America. The increase in digital exposure by the healthcare sector has brought significant benefits but also means that cybercriminals find an opportunity to attack these organizations.
The volume of cyberattacks on organizations in this sector has increased significantly. Hospitals, labs, health plans, drug manufacturers, and other institutions have been targeted by cybercriminals, and there are many reports of organizations compromised with malware and other data security-related issues.
Why is the healthcare sector a target?
This industry is an attractive target for attackers because it is more likely to pay ransoms than other industries. Healthcare organizations typically include a high volume of outsourced vendors, legacy technologies, and disparate interconnected systems, as well as having data stored with a high level of sensitivity and criticality. This creates a concern about the potential leakage or compromise of technological environments that store patient information, prescriptions, exams, and other sensitive data used for each person's treatment.
A study by researchers at the University of Minnesota has shown that the volume of attacks targeting healthcare organizations has more than doubled between 2016 and 2021. According to Helder Ferrão, director of industry strategist for Latin America at Akamai Technologies, this is a global trend, and in Latin American countries it is no different. This illustrates the attention this sector has been receiving from cybercriminals. There have already been cases in different countries in which attacks by cybercriminals have generated consequences that have caused the death of patients or serious errors in the control of medicines that should be administered.
How can healthcare organizations defend themselves?
Many steps can be taken to avoid problems with the data security and technology environments of these organizations, but the first step is to raise awareness among employees, especially those who are not related to technology areas. "Education is the key to keeping the environment "healthy" in terms of safety. Training employees about cyber threats is an ongoing activity and should not be one-off, as attack techniques evolve and change," said the Akamai executive.
"Phishing attacks typically target employees and can be used as a gateway to compromise applications and systems. It is interesting to implement cybersecurity solutions that prevent or act against these attacks, such as those based on the monitoring and control of the activities of DNS systems, which inspect the Internet connections made by the devices used by employees and prevent them from connecting to malicious sites. Solutions must also inform IT of any security issues and enable immediate mitigation actions," continued Helder Ferrão.
Many healthcare organizations have moved their EHRs, intellectual property data, and other medical data to the cloud to increase flexibility, accessibility, and speed of retrieval. However, this migration may have occurred without proper planning when it comes to protecting this data. Sensitive patient information and data may be hosted in different cloud environments that may not have the best security solutions.
After any urgent need for migration, a vulnerability study must be carried out that contemplates the entire environment, migrated or not, and apply risk mitigation actions at the best possible time. In addition to this, implementing a Zero Trust security posture (based on the principle of "trust, but always verify") will help organizations protect their data, assets, access mechanisms, and the technology environment responsible for processing their business applications.
"Since the arrival of the pandemic, the healthcare sector is moving towards building new and efficient digital experiences, and choosing an expert cybersecurity partner and the most efficient solutions can contribute significantly to this new era of digitalization of healthcare. This evolution must bring with it the mission of guaranteeing the security of those who depend on the essential services of this sector so relevant to the economy and society as a whole," Ferrão concluded.
Leave your comment