Healthcare organizations are increasingly being targeted by cyberattacks due to the gold mine of personal data they possess.
The phrase, “First, do no harm,” is commonly referenced among medical professionals to reflect the utmost importance placed on patient care. The phrase is often attributed to the original version of the Hippocratic oath, though its true derivation is, in fact, unknown. Regardless of the etymology, the sentiment is clear: above all else, a healthcare professional should consider patients’ well being. And in 2019, “well being” has evolved to include privacy and cybersecurity concerns.
The potential, real-world effect these attacks can have is substantial. (See the WannaCry and NotPeyta ransomware attacks of 2017.) Cyberattackers now have the ability to access, steal and sell patient information on the dark web. Beyond that, they have the ability to shut down a hospital’s access to critical systems and patient records, making effective patient care virtually impossible.
And, with increased adoption of medical and IoT devices, the surface area for healthcare attacks is becoming even larger. The problem has been further compounded by limited cybersecurity staffing and stagnant cybersecurity budgets in the industry.