
Healthcare’s Unique Cyber Risk Management Challenges

The healthcare industry has experienced an onslaught of cyber-attacks over the last year, primarily driven by the fact that patient records are highly prized assets among cyber criminals.


Protected health information sells for 30 times more than financial information on the dark web, since it contains a full identity profile including social security numbers. Being in the cross hairs of motivated cyber gangs is forcing the healthcare industry to address some stiff cyber risk management challenges. Let’s look at what steps the industry can take to reduce the likelihood of data breaches.

According to data provided by the United States Department of Health and Human Services, Office of Civil Rights (HHS OCR), the number of data breaches in the healthcare sector increased by 63 percent in 2016. In addition, the survey exposed two new trends: the acceleration of medical device hijacking and an increase of ransomware attacks.

In the case of medical device hijacking, cyber-attackers are exploiting backdoors in hardware devices such as X-ray machines and life-support equipment to plant malware. Once installed, the malware can be used to move laterally across the network to access and exfiltrate health information.

While medical device hijacking requires sophistication, ransomware attacks are easier to conduct and show immediate return on investment. That’s why the industry has seen a wave of these attacks. The criticality of operations makes healthcare providers an easy target. Since lives are often at stake, it is essential for healthcare providers to ensure business continuity. The recent WannaCry ransomware attack had devastating impacts on the United Kingdom’s National Health Service, illustrating the severity of cyber security threats in the healthcare industry. 

Unique Challenges

Traditionally, healthcare providers’ mission is to save lives. As a result, IT security departments are typically not a top priority when it comes to budget dollars and are often chronically understaffed. This explains why many healthcare IT environments are outdated and consequently woefully unprepared to deal with these new types of cyber-attacks.

Another contributing factor is that many medical systems use older operating systems and proprietary software. Thus, they are often not being actively patched or are exposed by lengthy patch release cycles, making them a welcome target for cyber criminals.

To complicate matters, the increased digitalization and exchange of healthcare information between service providers has dramatically broadened the industry’s attack surface. This is placing healthcare providers in an even more defensive position. The Internet of Things, which is targeting the healthcare market as one of its prime beneficiaries, will only make things harder. At the same time, healthcare organizations face strict standards and regulations (e.g., HIPAA, HITECH, HIMSS) relative to privacy and security.

Improving the Odds

The increased focus of cyber criminals on the healthcare industry makes it critical for providers to implement up-to-date security measures and prepare incident response plans to assure business continuity. The following best practices provide a solid foundation for reducing the threat of falling victim to cyber-attacks:

• Drive cultural change in the organization to incorporate security practices into day-to-day operations and secure the financial resources required to implement them.

• Frequently train employees to minimize the risk of phishing attacks and social engineering.

• Adopt basic safeguards such as data back-up, anti-malware tools, firewalls, and data encryption.

• Include IT security staff members in the buying decision process for medical systems and devices in order to raise transparency and awareness, and negotiate proper patch release cycle policies with suppliers.

• Increase the frequency of vulnerability scans to gather more timely security intelligence, which can assist in detecting security gaps and control failures, and in verifying whether remediation actions were effective.

• Supplement vulnerability assessments with penetration testing to determine whether a specific vulnerability is actually exploitable.

By implementing these measures, while correlating and contextualizing external threat data with internal security intelligence and business criticality, healthcare organizations can operationalize their cyber security practices to shorten time-to-detection and ultimately, time-to-remediation of cyber threats. 

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).
