From Chanel Benoit, Account Director at Greenough Brand Storytellers
IoT-focused cyberattacks in healthcare are on the rise
A recent survey by security software company Irdeto revealed that 8 out of 10 healthcare organizations have experienced an internet of things-focused cyberattack in the past year.
As the integration of internet-connected medical devices increases across healthcare, network security will no longer be enough to protect organizations from the associated risks. The takeaway: Healthcare organizations need to factor security at both the app and device level into their 2020 strategies.
New data from the Harvard T.H. Chan School of Public Health and POLITICO shows that less than 20% of Americans have a great deal of trust in health insurers to keep their personal information secure, while less than a quarter have a great deal of trust in hospitals to do the same.
Highly publicized, large-scale data breaches have clearly shaken American trust, and lackluster efforts by healthcare organizations to invest in proper cybersecurity means that’s not likely to change anytime soon. It’s time to address this issue and restore American confidence in our nation’s ability to protect their data.
Grays Harbor Community Hospital took the good advice of cybersecurity experts who urge healthcare organizations to not comply with ransom demands. Most experts believe that paying only gives cybercriminals an incentive and, as we’ve seen in many cases, hackers won’t provide the decryption key even after receiving payment.
Unfortunately, not all organizations have followed this guidance. Earlier this year, physician owners at Spokane, Wash.-based Columbia Surgical Specialists paid hackers more than $14,000 in response to a ransomware attack, after determining that they needed access to the encrypted data to provide care to their patients.
Despite the uptick in ransomware attacks in the last several years, many healthcare organizations are still not adequately prepared. Board buy-in on cybersecurity strategy, qualified personnel and employee training remain high priorities in this new landscape.
First appointment of medical director of cybersecurity
Emergency physician and medical informaticist Christian Dameff, M.D. became the first medical director of cybersecurity at any U.S. patient care organization. The University of California San Diego Health system broke new ground this past July with the appointment.
In an interview, Dameff said a big focus for him will be cyber preparedness. “Hospitals have plans in place for earthquakes and hurricanes and other natural disasters. There’s a dearth of guidance around what to do when you are hit with ransomware, or by Anonymous,” he said.