The need for healthcare executives to reassess their cybersecurity policies and strategies has never been more critical. But how can security operations professionals within healthcare organizations balance meeting regulatory mandates with securing critical network infrastructure and patient data? Even though healthcare organizations, including providers, payers, pharmaceutical companies, medical device manufacturers and medical research organizations, aren’t lucrative money centers like banks or credit unions, they are sitting on a treasure trove of valuable personal information that cyber criminals are increasingly eager to access.
According to the 2017 Verizon Data Breach Investigations Report (DBIR), healthcare organizations have become a top target for hackers delivering ransomware, which accounts for 72% of the malware incidents in the healthcare industry. It’s apparent that the cyber risk to healthcare organizations, and their patients, is not going away anytime soon. As new threats continue to escalate and extend to IoT-based medical devices, many healthcare organizations will continue to be compromised through known attack vectors and patterns such as phishing attacks, misconfigurations and unpatched systems. According to the Identity Theft Resource Center, between 2014 and 2016 there were over 950 confirmed data breaches within the healthcare industry, and of those three years the most recent, 2016, had the largest number of breaches.