Medical records and personal identifying information have high value on the black market. Criminals know this, and, as a result, healthcare has seen an alarming increase in cyberattacks in recent years.
Ransomware attacks, where hackers encrypt hospital systems and demand payment to restore access, are a common type of cyberattack on healthcare organizations. According to research published in JAMA Health Forum, the annual number of ransomware attacks against healthcare entities more than doubled to 91 reported cases in 2021 from 43 cases in 2016.
The stakes to regain access from ransomware attacks are alarmingly high — it’s not just data at risk, it’s patient lives. A ransomware attack at a hospital in Düsseldorf, Germany, forced the facility to close its emergency department, and a patient died while being rerouted in an ambulance to another hospital.
A ransomware attack is also blamed for an infant death in Alabama. A lawsuit against Springhill Medical Center in Mobile says the baby died due to a cyberattack. The suit claims that because the systems were down, the hospital was unable to notice a critical change in fetal heart rate during birth. The child died nine months later.
COVID-19 has only exacerbated the threat to healthcare. The pandemic created new vulnerabilities for healthcare organizations, including increased reliance on telehealth and remote work.
In a recent Senate Homeland Security and Governmental Affairs Committee hearing, experts warned U.S. senators about the critical importance of cybersecurity in the healthcare industry. The witnesses emphasized the severity of cyberattacks on healthcare systems and their potential to compromise sensitive medical information. Rural providers face even bigger risks due to staffing shortages, they said. Kate Pierce of Fortified Health Security noted in the hearing, “Most of them have no staff that are directly assigned to cyber.”
Healthcare ups the investment in cyber roles
Amid these serious attacks, new investments in cybersecurity have become critical for healthcare organizations. That means job opportunities have also emerged for cybersecurity professionals. In a survey of healthcare organizations, Healthcare Information and Management Systems Society (HIMSS) found that 82% of organizations had increased their cybersecurity budgets and 55% had increased their cybersecurity staff in response to the COVID-19 pandemic.
Cybersecurity roles in healthcare organizations vary but often include responsibilities such as developing and implementing cybersecurity policies, conducting risk assessments and responding to security incidents. These roles often require specialized knowledge of healthcare regulations and industry-specific cybersecurity needs.
The state of cybersecurity in healthcare is a complex and evolving issue. The healthcare industry is expected to continue to face a growing threat of cyberattacks, which will prompt an even higher need cybersecurity professionals in the space.
Next step
Demonstrate that you’re on the forefront of securing patient health information and navigating a complex regulatory environment with (ISC)² Healthcare Certificates. Focus areas include healthcare security essentials; privacy and security for healthcare organizations; risk assessment and management in healthcare settings; and more.