Healthcare is one of the three sectors with cybersecurity issues that the White House has set its sights on (the other two are the water and telecommunication sectors). Unfortunately, as the healthcare industry explores cloud technologies to communicate and store sensitive patient data, it has been subject to numerous cybercriminal attacks. Even though many security and privacy frameworks are in place to safeguard protected health information, cybercriminals have exploited the loopholes in the existing frameworks to launch their attacks. The White House's instructions and the development of new healthcare cybersecurity guidelines offer optimism for mitigating these cybersecurity threats in healthcare.
What is cybersecurity in healthcare?
Cybersecurity in healthcare entails securing electronic data and assets against unwanted access, use, and disclosure. It seeks to safeguard electronic protected health information from cybercriminals. Its goals are to preserve the confidentiality, integrity, and accessibility of information.
What assets should the healthcare sector protect?
Among the various assets healthcare must protect are EHR systems, e-prescribing systems, practice management support systems, clinical decision support systems, and other devices that make up the internet.
What are common cybersecurity threats in the healthcare sector?
The four biggest cybersecurity threats in healthcare in 2022 are phishing, ransomware attacks, data breaches, and distributed denial-of-service (DDoS) attacks. A famous cyberattack in healthcare was a DDoS attack in March 2020 on the United States Health and Human Services Department (HHS). The attack sent millions of requests to HHS servers in an attempt to gain control and disable access to the site.
Why are cyberattacks of concern in healthcare?
Cyberattacks may endanger patients' health, safety, and quality of care in the healthcare industry. For example, patients' personal information may be stolen by attackers and sold for fraudulent purposes. Also, the attacker can alter the data, which might significantly affect patients' treatment outcomes. Additionally, ransomware can lock down patient care systems until hefty ransom payments are made.
What are the healthcare laws and regulations on cybersecurity?
Some of the regulations that seek to protect patients' privacy are the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, the Federal Trade Commission, and the proposed American Data Privacy Protection Act (ADPPA).
What new efforts are being made to maintain cybersecurity?
The HHS wants to collaborate with hospital partners to create basic cybersecurity standards. The approach is in line with the administration's executive order (EO 14028), which emphasizes public-private partnerships for improving cybersecurity and strengthening security within federal information systems.
Why the focus on establishing public-private partnerships?
Most of the critical infrastructure in the US is owned and operated by the private sector. Therefore, partnerships with the private sector on threat sharing and establishing standards are essential for both parties' success. The outcomes of the Colonial Pipeline cyberattack, which interrupted miles of the US petroleum supply chain in May 2021, served as one example of the advantages of deliberate, goal-oriented public-private collaborations.
What can be done to help avoid cyber threats in healthcare?
Providers can prevent cyberattacks by:
- Regularly conducting risk assessments on their vulnerability to cyberattacks
- Having both basic and advanced security controls in place
- Training their staff in healthcare cybersecurity
- Using data encryption for sensitive data
- Using off-site data backup systems