By Dan L. Dodson
Now in its 18th year, Cybersecurity Awareness Month continues to raise awareness about the importance of cybersecurity across our Nation. Led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), Cybersecurity Awareness Month is a collaborative effort between government and industry to ensure everyone in the Nation has the resources they need to be safer and more secure online.
The month’s theme of “Do Your Part. #BeCyberSmart.” encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity. But it’s a message, particularly for the healthcare industry, that should resonate not just during the month of October, but all year long.
The healthcare sector has long been a target for hackers due to the sensitive nature of patient data flowing through healthcare IT systems and the lack of robust, mature security programs. Healthcare data is highly prized on the dark web since it can be used to create new identities, making it more valuable than basic credit card information.
As the healthcare industry gets some breathing room from the pandemic, another one is surging – cyber attacks. Like the pandemic, these attacks have the ability to prevent hospitals from providing care to patients. Malicious actors are targeting the healthcare industry specifically for that reason.
We have entered a new era with the criminals behind these attacks. This year we have seen ransomware-as-a-service become the norm in the cybercrime community, with cyber gangs being supported by nation-state actors. Not only are these gangs committing the crimes, but they are offering support to other thieves to orchestrate more attacks.
Their attacks have caused sizeable damage in all industries. The sophistication and severity of attacks on healthcare have pushed the average cost of a breach to more than $9 million per incident, a 10% increase in just one year. Further, these attacks not only affect the bottom line but also severely hamper patient care and brand reputation. Lawsuits are being filed with increasing regularity by patients who were prevented from receiving care during a cyber incident. These increasing costs have also caused underwriters of cyber insurance to rethink policy renewals and require attestations around the deployment of certain cybersecurity tools in order to maintain cyber insurance coverage.
The attacks on our nation’s critical infrastructure, which includes our hospital systems, have resulted in government agencies showing a renewed focus on cybersecurity. This has helped move cybersecurity to the forefront of many boardroom discussions. We, as healthcare leaders, must seize this opportunity to educate and inform stakeholders on the current cybersecurity threat landscape and the actions needed to combat these attacks.
Having technologies and tools in place does not guarantee that a hospital is secure from these cyber attacks. Employees are often targeted by attackers as a way to bypass technical security controls. Infusing cybersecurity into the mindset of all employees is a cultural change that needs to be prioritized and adopted throughout the entire organization. Leaders must realize that employees are on the frontline of these sophisticated attacks, and it is an organizational responsibility to be diligent in our efforts to protect patients and patient data.
To combat these gangs and their criminal activity, it is important that we also adopt a collaborative mentality and share ideas freely. Developing a cyber-aware culture is a necessity within the hospital and health system. Additionally, it is just as important to leverage other ecosystem resources to stay informed of emerging threats, to listen to lessons learned from our peers, and to discover additional tips used by other security professionals to stave off bad actors and protect their environments, patients, and data.
To once again echo the theme of this important month, every healthcare stakeholder must do their part and #BeCyberSmart as we continue our efforts to protect patients and patient data.