Ransomware - Healthcare Security: The Hacker Economy estimated to be worth $1 trillion
One of your well-meaning employees opened a link from an email that didn't look suspicious. It didn't have any of the hallmarks of a scam, like bad spelling or funny grammar, and it wasn't asking for money; in fact, it appeared to have come from an executive in your company.
You can guess what happened next! It was ransomware: malicious code that encrypts and locks files, preventing access to your mission-critical applications, and that might even replicate itself within your intranet, harming more than one computer on your network.
Imagine this happens at a hospital, and the hospital has to shut down all computers for a few days but eventually gets back online without paying the ransom. Well, not many other facilities are this lucky.
This isn't a new phenomenon; ransomware has been around since 2005. But hackers themselves have evolved significantly. It is estimated that the "hacker economy" is now worth $1 trillion, and hackers are now much more advanced than you might think.
Cybercrime is organised crime, where malware kits can be purchased online and even come with technical support. New ways to gain access to your systems or environments are devised every day and can fool even the most sceptical sort of user.
With digital connections increasing daily, and set to boom when the Internet of Things hype takes off, more and more exploitable entry points arise, and protecting them all needs different ways of thinking.
These life-and-death stakes mean cybersecurity is critically important in healthcare and other industries, and they highlight that we need to think of "security first" as one of our main architectural principles.
"We can't solve problems using the same type of thinking when we created them." - Albert Einstein
It’s tempting to view cybersecurity as an IT issue or simply a matter of HIPAA compliance. But that kind of thinking won’t work in our current dynamic landscape. Today's healthcare cybersecurity requires a larger, more systematic approach.
To enhance cybersecurity efforts, healthcare organisations should:
1. Integrate security technology.
Many healthcare organizations operate under the weight of aging legacy systems and a growing collection of bolted-on security solutions. This results in a frankenstructure of point solutions that were not designed with the others in mind – creating gaps that cybercriminals are ready to exploit.
Healthcare is changing rapidly, and the possibilities for digital innovation are endless.
2. Incorporate more automation.
The 2017 cybersecurity report found that 44 percent of security alerts are never investigated!
This is a huge risk, but staffing up or reallocating personnel can only go so far. Therefore, healthcare must increasingly rely on automation as part of a well-rounded security strategy.
3. Create a unified team.
The same healthcare climate that leads to disintegrated technology also lends itself to disconnected, siloed IT teams. Technology teams are often divided among specialties or business units. This fragmentation can undermine the ability to work together and see the big picture of security.
4. Educate employees.
Healthcare risk management is often associated with legal risk – malpractice lawsuits, or regulatory fines. But modern risk management must include cybersecurity. After all, the losses can be just as steep.
Many security experts believe the biggest cybersecurity risks come from employees themselves (and their digital behavior). That’s why your risk management strategy must include systemwide education.
Now is the time for healthcare organisations to streamline their collection of security tools!