The Healthcare industry is the most targeted industry when it comes to cybercrime and cybersecurity threats. During National Cybersecurity Awareness Month InterMed’s JumpTeamsTM Manager, Brandon Karas talks about some of the risks associated with network-based devices.
Hospitals and healthcare facilities are facing a growing number of network-connected devices and software; the efficiency associated with cross-network communication is proving more and more valuable to doctors. Patient care records like medication, the strength of the medication, and the flow rate, can all be input into many treatment devices – like an infusion pump. All that information is saved and transmitted through the hospital network, allowing for greater precision and control of a patient’s care.
The benefits of having this information readily available don’t come without risk; if networks are left open or vulnerable, private and personal patient information is at risk along with the device performance itself.
So how do you know if your network is vulnerable to cyberattacks? That’s where The InterMed Group comes in; our JumpTeams engineers are trained professionals that assess your cybersecurity risk and network device health, offering solutions that protect your devices and patients.
Take a look at what Brandon has to say about cybersecurity in healthcare.
While most medical facilities recognize cybersecurity as a major issue, the scale of the problem and the difficulty that comes with frequent maintenance and diagnosis of medical technology — which equates to equipment downtime — make developing solutions difficult.
An increasing number of medical devices are being designed with internet connectivity. This helps to streamline diagnoses and treatments, transfer patient data, and keep facilities more connected than ever before. Though convenient, this new scale of connectivity puts medical devices and the patient data they house in danger of cybercrime.
Healthcare is the most cyber-targeted industry with an entire third of all US data breaches happening within hospitals. Only 18 percent of healthcare companies feel confident in their ability to detect cyber attacks, while 71 percent of organizations admit to lacking a comprehensive security program.
“Twenty percent of a hospital’s equipment is connected to a network, whether through Bluetooth or hardwired into the server,” Brandon Karas, manager of JumpTeam operations at Intermed said. “What becomes at stake if your security is breached is your social security number, your address, even your personal finances.”
There is a significant financial motive behind retrieving patient data. Medical information and health research data can fetch as much as $1,000 per record on the black market, as compared to $1 for a SSN and $110 for credit card details, according to Security Magazine.
Cybersecurity breaches not only impact the security and finances of patients whose data have been exposed, but they also threaten the financial records of a medical facility and can be met with major fines.
“When there is a breach within a hospital, it’s a minimum $50,000 fine per incident,” Karas said. “Investing in cybersecurity protection is vital not just to the equipment that’s connected to a hospital’s network, but to their patients as well.”
In 2019 the number of cyberattacks on the healthcare industry alone tripled — jumping from 15 million breached personal records in 2018 to over 40 million in 2019. The number of cyberattacks have only increased during the COVID-19 pandemic, and many medical facilities simply don’t have the time to commit to cybersecurity measures.
At-risk devices are not limited to medical equipment. A new generation of internet-connected personal health devices and wearables make health data collection and monitoring easier than ever before but come with their own unique security risks.
“InterMed provides the hands-on solutions, we put boots on the ground. In-house engineers and hospital staff don’t have time to hunt down at-risk devices or holes in security,” Karas said. “Our engineers hunt and find at-risk equipment in order to build a better cybersecurity network.”
Patients are a crucial component of keeping their medical information safe. There are measures medical facilities can take to keep patient data secure, but in an interconnected world, there are numerous opportunities for data exposure outside a medical facility’s doors.
Informing patients of cybercrime risks and giving them the guidance they need to keep their devices safe and secure will help to keep their data from being compromised. Here are some tips to share with your patients:
- Software updates are not just about new features. Often important security updates are included with new software, and it is important to keep your devices updated to the newest version to protect from the latest malware.
- Register your device with the manufacturer because it helps them reach you faster with important information.
- Notice any changes in device functioning. If it is not behaving as it should, discuss it with your healthcare provider and notify the device manufacturer.
- If you are not tech-savvy, involve your family members or caregivers and educate them about your device.
Speak with an industry expert today to determine exactly what your facility may need to ensure that cybersecurity measures are up to date.
Don’t leave your patients at risk – let us assess your cyber risks for you.