In a hospital, the stakes are always high. With lives on the line, clinicians work tirelessly to protect patient health. But what happens when a cyberattack disrupts mission-critical operations? Patient care is delayed. Digital operations are halted. Data access gets restricted. The risk of avoidable, adverse events increases.
Cyberattacks against hospitals are evolving. The U.S. Department of Health and Human Services (HHS) reported a 264% increase in ransomware attacks against healthcare organizations within the past five years. And the hackers behind them are no longer motivated by profit alone. Organized criminal gangs and military units are targeting critical sectors, and unlike amateur hackers, they’re out not just to gain monetary reward but also to instill fear and disrupt core business operations.
This poses grave implications for hospitals, providers administering care, and patients receiving treatment. Successful cyberattacks can bring health systems to their knees. Downed systems, inaccessible patient data, and disruptions to operations incidentally increase patient risk. In one case, a hospital asked its staff to donate O-type blood after a cyberattack created a supply disruption and paralyzed a hospital's blood-testing operations. And when sensitive patient data is compromised, patients can experience physiological distress from the risk of ePHI access and identity theft. Healthcare organizations face reputational damage, loss of trust, and steep fines.
While ransomware attacks are the most high-profile, hospitals face attacks of all kinds. According to the Department of Health and Human Services, some of the top vectors include social engineering, phishing, and DDoS. The attacks aren’t slowing; they’re growing more sophisticated and therefore more effective. Hospitals must update their cyber defense mechanisms to counter the elevated threat level and secure their systems. Today, better cybersecurity isn’t optional; it’s more essential than ever.
The best way for hospitals to minimize the impact of cyberattacks is to reduce the risk of them happening in the first place. Some strategies cybersecurity teams should be employing:
Of course, not all threat vectors can be eliminated. A cyber resiliency model protects the patient and minimizes disruption to the business when cyberattacks are successful.
Healthcare organizations have a formidable task before them. Where patients and lives are concerned, the stakes will always be high. But better cyber defense is not impossible. By increasing preparedness (through tabletop exercises, cyber risk management, information sharing, and more), they can reduce the likelihood and impact of successful cyberattacks. And they can better fulfill their mission to protect patient health.