The healthcare industry frequently struggles with data breaches and other cybersecurity incidents. That’s likely because cybercriminals know the value of medical data. It’s also problematic that healthcare information often gets passed between multiple parties and organizations, some of which may have insufficient security practices.
Attacks from malicious actors aren’t ceasing, which means healthcare cybersecurity must remain a priority in 2020. But, what, specifically, should parties be aware of this year?
Dr. Saif Abed is the director of cybersecurity advisory services at AbedGraham, as well as the co-founder and CEO of Clinical Cyber Defense Systems, a healthcare cyber-defense systems manufacturer and security analytics provider. He recently weighed in with his thoughts about three trends likely to impact 2020.
1. Ransomware Will Get Worse
Ransomware attacks prevent authorized users from accessing files and systems unless they pay an amount the cybercriminals demand. Even then, giving the hackers what they want doesn’t guarantee a resolution, and many experts recommend parties affected by ransomware don’t try to solve the problem that way.
Ransomware stuck a variety of health facilities in 2019. Abed predicted ransomware will become even more problematic in 2020. He clarified, “Healthcare is such a known easy target now that attackers are going to increase the frequency of attacks with a more targeted approach. This is going to be a nightmare for the abundance of health systems that simply continue to be underprepared across people, processes and technology.”
Those beliefs emphasize why healthcare representatives cannot assume their facilities are safe from such attacks. The expenses associated with ransomware attacks can be substantial, especially if people get locked out of email accounts or patient records. Some hospitals had to temporarily stop treating patients due to ransomware issues, too.
The healthcare sector should take a proactive approach against ransomware by investing in preventive measures. For example, if a medical center has backup copies of compromised information, its employees may be able to keep working even if hackers target the organization with ransomware.
2. Securing Electronic Health Records Systems Will Become Crucial
Electronic health record (EHR) systems have resulted in improved information sharing between providers and facilities. The medical sector has privacy laws defining how to handle patient records, and the leading providers of EHR solutions clarify how they help health brands and professionals abide by them.
Abed believes that, in 2020, the companies associated with EHR products must recognize that they play prominent roles in keeping patients and their information safe: “If 2018 and 2019 showed us the problem with not patching legacy operating systems, then 2020 will see a greater focus on EHR suppliers and their roles in preserving patient safety.”
In his previous prediction about worsening ransomware, Abed brought up increased targeting as a problem. It could also apply to the issue of needing to secure EHR systems.
“Hospitals are increasingly dependent on digitized workflows to the extent that losing access can grind hospital operations to a halt. What happens when attackers become more sophisticated and start to target specific applications? What about EHR platforms in the cloud?” Abed pointed out.
Some companies apply artificial intelligence to EHR data to enhance workflows. For example, AI can aid in the early detection of diseases or reduce some of the manual tasks physicians do when working with EHR platforms.
AI may also assist in security. For example, Capgemini Research Institute found that 69% of organizations acknowledged they could not respond to critical cyber threats without the help of that technology. AI can detect patterns, then give alerts if network traffic shifts or a person uses a product different from the norm. EHR data must factor into overall cybersecurity moving forward, and AI could help.
3. Conversations About Securing Connected Medical Devices Will Become More Advanced
Internet of Things (IoT) devices are now so commonplace that most homes and businesses have them. The medical industry is particularly excited about the potential of medical-related IoT devices. A report from MarketsAndMarkets anticipates a combined annual growth rate of 27.6% for healthcare IoT devices from 2019 to 2024.
Abed gave some context and noted, “In 2019, medical IoT became a hot topic of conversation, with several companies vying to become leaders in this space. This attention only increased after the Urgent/11 Vulnerabilities were given national attention through the FDA.”
The event Abed spoke of referred to when the U.S. Food and Drug Administration warned how a security firm identified 11 problems that could allow a hacker to control a connected medical device remotely. Conversations about securing medical devices were in the early stages in 2019, but Abed expects a shift to happen in 2020.
“These discussions will continue in 2020, but the conversation will become more mature. Instead of obsessing over hacked infusion pumps, there will be more practical conversations about legacy endpoints in network infrastructure being critical points of failure for hospitals.”
Massive and well-orchestrated takedowns of internet-enabled medical devices are not out of the question, either. Abed continued his previous point by saying, “Couple this with the rise of 5G and increasing interoperability across health systems, and we may even see a large-scale attack based on IoT devices as the gateways of entry and spread.”
Healthcare Cybersecurity Cannot Get Overlooked
These three predictions from Dr. Saif Abed highlight why cybersecurity must become more crucial than ever to healthcare workers and companies.
As medical technologies advance at an impressive rate, cybersecurity efforts have to keep pace so that medical facilities operate smoothly and patients stay safe.