The Road Ahead: Year-end Trends in Healthcare Cybersecurity

By Grant Elliott, CEO, Ostendio
Twitter: @ostendio

Healthcare data breaches account for over 22% of the data breaches so far in 2017. To put a number on it, that’s nearly 2 million health data records. If you’re looking for an idea of what’s to come the remainder of 2017 and on into 2018, the indicators say there’s no time like the present to strengthen all points of your cybersecurity program, regardless of organization size.

Here are my updated predictions for the remainder of the year:

1. Cybersecurity Risk Analysis will move to the top of prevention tactics. When I put together my 2017 trends predictions, I said that 2016 was the year of Ransomware attacks. So far, that holds true with worldwide ransomware attacks such as WannaCry and Petya taking place earlier this year.

We are ten months into 2017 and reports show that ransomware attacks were up 35 percent in first quarter of 2017 over the same timeframe in 2016. The slight increase in cybersecurity budgets this year has helped IT and security professionals begin to implement serious measures. However, unfortunately, I believe that cybercriminals will continue to exploit this lucrative attack method, and the US, in particular, will continue to be the hardest hit. Ransomware will continue to be a concern for organizations in 2017 and 2018.

2. More small healthcare providers will be breached. Hackers are opportunists, scanning the internet for the chance to exploit a gap, and Electronic Health Records (EHRs) often offer a way in. While small practices and rural hospitals use EHRs, they often do not have the budget required to secure their networks, and may not have made the necessary investments needed for health data protection.

The OCR has released a new data breach tool which allows you to see who has been breached, and what was the cause, in order to increase transparency. At the time of writing, there are currently 365 breaches reported within the last 24 months that are currently under investigation by the Office for Civil Rights. I predict that this number will continue to rise, with smaller healthcare providers accounting for an increasingly large portion.

3. Phishing of high-level employees will gain in complexity and frequency. Phishing has always been a successful method for cyberattacks, and I expect it to continue to be so. According to Symantec, spear phishing emails targeted over 400 businesses every day, draining $3 billion over the last three years. My advice is to conduct frequent security awareness training for your employees, including phishing campaigns. Annual training is not enough. Employees should be the front line of you cyber defense program – and that starts with training.

4. Patient danger via unprotected systems and mobile devices will rise. When you pair failure to update systems with medical mobile device vulnerability, you have a recipe for disaster. I did a radio interview earlier this year on Tech in Ten discussing the role of cybersecurity in the Internet of Things. My overall view? Cybersecurity issues in medical devices are now a point of concern for device makers and will continue to be one going forward. Device makers will now have to design will cybersecurity updates in mind as well.

5. Nation state-sponsored (or approved) cyberattacks shutting down or disrupting entire infrastructures become the norm. With the advent of more sophisticated attacks like Petya and NotPetya, evidence points to other governments being involved in cyber attacks, either directly or indirectly. Money is not the primary driver. Worldwide political issues continue to escalate, and cyberattacks are a way to flex muscle. I believe that cyber heists will continue to grow in popularity, with bank robbers being armed with tech, not guns.

6. It’s not all doom and gloom, however. Another positive trend I expect: higher demand for scenario-driven data breach response plans. As organizations shuffle priorities to tackle healthcare data security weaknesses, how to respond to cyberattacks will get renewed attention. From mega-health plans to small provider practices, those serious about health data protection will be in the market for effective, practical breach response plans.

#ICYMI hear Grant on Healthcare de Jure discussing cybersecurity and breaches in healthcare.

This article was originally published on Ostendio and is republished here with permission.