As cyberattacks against small- to medium-sized businesses (SMBs) continue to grow, one sector, in particular, has seen a significant increase in attacks over the years — the healthcare sector. Not only can a cyberattack disrupt the daily operations of healthcare providers, but it can also compromise their patients as well. Here are some reasons why cybercriminals target healthcare.
Valuable patient data
Healthcare organizations house a huge amount of patient information, which is worth a lot of money on the black market or dark web. This includes personally identifiable information (PII) and protected health information (PHI).
PII is the general information of a patient such as complete name, date of birth, contact information, social security number, and physical address. PHI, on the other hand, refers to a patient’s healthcare information. This includes test results, medical record numbers, hospitalization dates, insurance plans, medication, and more.
Despite the amazing advancements in medical technology, the limited budgets of some SMBs and dental offices force them to stick with old and outdated systems. Obsolete hardware and software are harder to patch and they break down more often.
Updating and replacing your infrastructure should be done at least every 2–4 years. However, an article from HITInfracstruction states that SMBs working in healthcare often miss or overlook these important cycles. This makes it easy for hackers to exploit their system and run off with their patients' private data.
Lack of investment in cybersecurity
SMBs working in healthcare either lack the money or tend to underspend when it comes to cybersecurity. According to a SANS Institute report, most of these SMBs only allocate around 3% of their total IT budget toward cybersecurity. This is way too low compared to what IT experts recommend,which is at least 10%.
Unfortunately, some healthcare providers rely solely on traditional cybersecurity solutions such as antivirus software and firewalls, which are not effective against new and modern cyberthreats. Today's cybersecurity solutions should also include two-factor authentication, backup and recovery, data encryption, intrusion prevention, and more.
Small dental clinics are often targeted by cybercriminals because their cybersecurity solutions are either completely lacking or less complex compared to those of larger enterprises.
Numerous entry points
Today's medical devices such as defibrillators, insulin pumps, and x-rays, to name a few, are designed to connect to other devices over the internet. Unfortunately, these devices are designed mainly for monitoring the condition of patients and not much effort is placed into making these devices secure. As a result, cybercriminals can use them as entry points into healthcare systems.
No time to study new technology
Healthcare workers are often swamped with work and simply do not have time in their busy schedules to learn about the latest technology trends and security solutions. They follow tight working schedules and practices that prevent them from allocating enough time for training sessions.
Lack of cybersecurity training
Cybersecurity solutions tend to be complex, and some SMBs have neither the time nor the resources to properly train their staff in cybersecurity best practices. In fact, a Kaspersky survey involving 1,758 healthcare employees found that:
- 32% of the participants have never undergone any sort of cybersecurity training
- 19% of the participants believe their organization needs more cybersecurity training sessions
- 40% of the participants were not aware of the cybersecurity measures of their company
- 32% of the participants have only read their organization's cybersecurity policy once
The results are quite alarming and further establishes the need for proper cybersecurity training and awareness within the healthcare sector.
Attacks on SMBs working in healthcare can result in disruptions that can affect your ability to provide quality care to your patients. A highly reputable managed IT services provider (MSP) such as Pact-One can provide you with the cybersecurity solutions your dental clinic needs such as network monitoring, data encryption, email and spam protection, and cybersecurity training. If you're not sure where to start with your cybersecurity initiatives, give us a call and we'll help you get on the right track.