Healthcare systems are enticing targets for cybercriminals. Private health information can net a large profit on the dark web, making even just one patient’s personal records a potentially lucrative discovery. For cyber terrorists, the goal is even simpler: get in. Do damage. Get out. Their objective is only to create fear and distrust— something they can accomplish quite effectively by making people feel unsafe at their hospitals.
This is all to say that hospital cyber-security breaches can have a devastating impact on the people impacted.
Why Hospitals Are So Vulnerable
Hospital networks are beholden to very strict cybersecurity laws. The same HIPAA regulations that have been protecting patient privacy since the 90s are now applied to digital healthcare technology to ensure that patients enjoy the same level of privacy even in cyberspace. This involves elaborate rules and regulations for how healthcare professionals can use patient data, but it also applies to the software itself. Firewalls and encryption are in place to strengthen cyber security and protect patient records.
Criminals get in anyway.
There are a few factors that lend to their cause:
- Hackers often operate beyond the law’s reach: Cybercrime is harder to regulate because attacks can be launched from anywhere in the world. If a group of Russian hackers attacks a rural hospital, there isn’t much that Iowa PD is going to be able to do about it.
- They have a lot of access points: Putting patient records in the cloud gave patients an unprecedented level of control and autonomy over their health, but it also created millions of access points for potential hackers. They don’t necessarily need to break into the hospital’s network. If a patient with mobile healthcare technology on their phone uses the wrong WIFI hotspot or opens a questionable link, that could be all it takes.
- Small mistakes have big ramifications: Most of the data breaches that you hear about on the news aren’t the result of some elaborate Oceans 11-type heist. Usually, it happens because someone opened a phishing email. Hackers need only the smallest opening to get in. Once they access a system, they can lurk there undetected for years.
All of these points of vulnerability give criminals a big advantage over hospitals.
Healthcare costs are so high for citizens that the idea that a hospital could itself go bankrupt seems absurd, or even obscene. And yet, it happens— most often in small towns and rural communities. In 2019, several dozen primarily rural hospitals closed their doors for good. Then, the pandemic hit. Rather than driving up business for hospitals as one might expect, it cost them hundreds of millions of dollars.
Most hospitals operate on razor-thin margins. When a major event takes place— a pandemic, or a cyber security breach— it can have a devastating, sometimes permanent impact on the local community. Through strong leadership and constant vigilance, hospitals everywhere can stay safe from cyber attacks.
The average hospital data breach costs almost ten million dollars. For hospitals already operating within the margins of bankruptcy, that can be enough to do them in.
When hospitals close, it puts an enormous strain on the community they used to serve, and nearby hospitals that now have to absorb their medical needs.
Establishing fear is sometimes the full motivation of a cyber-attack. In the Spring of 2019, a group of cyber terrorists called Wizard Spider hacked into Ireland’s digital healthcare network and locked the nation out of its own records. They demanded tens of millions of dollars— an outlandish sum that they most likely never had any intention of collecting.
What they wanted was to create fear, and that’s what they did. Ireland took the standard line and declined to negotiate with terrorists. Wizard Spider managed to keep them locked out for six weeks. During that time, hundreds of patients had their healthcare records published online.
If it can happen to Ireland, it can certainly happen to your local rural hospital. In fact, that’s part of the message. When strangers can reach out from anywhere in the world to make a highly coordinated cyber-attack, no hospital is safe.
That fear can lead to people deciding to stay away from organized healthcare altogether. Not only is this bad for them, but it also further harms the hospital itself. The legitimacy of that fear only worsens the situation. Breaches truly can happen anywhere, and they directly impact local citizens.
Cyber-attacks also have a big impact on how hospitals are able to operate. We mentioned earlier that the Ireland breach resulted in six weeks of total system lockout. However, that is only the tip of the iceberg. It can take months to fully recover from the effects of a large-scale cyber-attack.
During that time the hospital won’t be completely destabilized but it also won’t be at its peak. Now, couple that with the plain fact that most hospitals are already in a tight spot because of staffing shortages, and a bigger problem begins to emerge.
Even in the best circumstances, hospitals have a difficult job. Throw in more obstacles and it can have a direct and negative impact on patient outcomes.
Keeping Hospitals Safe
Fortunately, it isn’t hard to keep hospitals safe. Regularly maintaining your cyber security networks does most of the legwork. Everything else is just a matter of staying alert. As mentioned earlier, the majority of breaches are the result of small mistakes.
Regular training and education efforts can go a long way toward keeping hospitals safe. While the work of keeping a hospital safe from cybercrime isn’t hard, it is a constant responsibility.