Healthcare companies are large, and ever-growing, keepers of sensitive data. This makes them prime targets for ransomware and other cyber threats. According to federal records, over 385 million patient records have been exposed in healthcare breaches since 2010.
Healthcare is a critical national industry, so a lack of cybersecurity standards for companies in this space poses a serious national security threat. Furthermore, breaches and attacks have increased substantially over the last decade. The pandemic is likely to have exacerbated these issues, as a combination of short staffing and increased use of electronic record-keeping makes hospitals more vulnerable to cyber threats, described in this article as an “expanded digital attack surface.”
Several other factors contribute to the difficulty of preventing breaches. First, hospitals often use third-party systems to record and communicate data, leaving them unable to address security flaws internally and at the mercy of patches and updates from these third parties. Next, most cyber threats originate from international sources and are outside the reach of the FBI, so it is nearly impossible to hold hackers accountable for their actions. Finally, hospitals that rely on electronic infrastructure to provide life-saving services have a strong incentive to pay ransoms quickly, which gives hacks a high ROI for criminals.
Security experts have been vocal in their support for upgrading healthcare cybersecurity, which is currently not where it should be given the threat landscape.