The ransomware onslaught on hospitals and healthcare organizations is being seen as the catalyst for boards to shift operational priorities and put more focus on cybersecurity initiatives.
In a recent interview with Healthcare IT News, Steve Smerz, Halo Health CISO, made it clear why hospitals are under attack: “Becoming a ransomware target involves three main factors – typically money, a critical use-case and an access point. And health systems have all three.” We’ve seen the result of this in 2021: a 350% increase in ransomware attacks on healthcare organizations, an average of over 600 attacks weekly, and entire hospitals shut down as a result.
This growth in attacks targeting healthcare has caused a change in focus. According to Smerz, “It's up to IT leaders and the health systems they support to keep pace, which of course is a challenge even under the best of circumstances. Security is a risk no one is willing to take.”
According to Smerz, the primary “access point” hospitals need to be concerned about is the human element, stating that “health systems are remarkable examples of people working together, quickly, under busy and occasionally difficult scenarios. That adds up to a chance for a staff member to click on an email that looks real or to fall for sophisticated phishing efforts. The result is that every hospital or health system is potentially at risk for a ransomware attack. No one should assume it won't happen to us.”
Of course, this is all about employee vigilance. You can’t ask a nurse to stop their work and focus on whether an email is malicious or not; it’s something that needs to be innate – which can be taught over time through continual Security Awareness Training.
Attacks on healthcare aren’t going to stop anytime soon, so putting together a layered, defense-in-depth strategy that includes the user as part of the defense is going to be critical.