Posted in Breaches

Dire warning: Healthcare cyberattacks will get much worse

Chris Nerney
Chris Nerney, Contributing Writer |
Dire warning: Healthcare cyberattacks will get much worse

Healthcare security has been in the news this year for all the wrong reasons. Not only has healthcare led all other sectors in being the target of ransomware attacks, a new analysis by a network security vendor gives the healthcare industry low grades for cybersecurity.
The healthcare sector scored a “D” overall in Tenable Network Security’s 2017 Global Cybersecurity Assurance Report Card, trailing financial services, manufacturing, telecom, and retail. Only the education and government sectors had lower average scores.
More ominously, given the sharp escalation of attempted healthcare breaches, the industry had the lowest score of all industries in risk assessment – a 54 (otherwise known as an “F”).
This undoubtedly would come as no surprise to Joel Brenner, former senior counsel at the National Security Agency and currently a research fellow at the Massachusetts Institute of Technology. Speaking at the HIMSS Privacy & Security Forum in Boston Monday morning (as reported by Healthcare IT News), Brenner told the audience that healthcare has a very high ratio of successful breaches to attempts.
“This is a management issue, not a technology issue,” he said. “Most companies, even big ones, don’t know what’s going on in their networks. This should cause some soul-searching.”
In an age where providers are striving toward greater interoperability, lack of awareness regarding cybersecurity can enable threats such as malware to travel across networks and systems. As always, though, the biggest vulnerabilities in an enterprise are employees who don’t use security best practices.
“It’s about training your people - repeatedly,” Brenner said. “You don’t need a big plan; no one opens that manual in times of crisis. You need a simple checklist.”