A Check-Up on Healthcare Cybersecurity [Weekly Cybersecurity Brief]

Last year, Boston Children’s Hospital was the target of an attempted cyberattack. As FBI Director Christopher Wray recently described at a conference, “We got a report from one of our intelligence partners indicating Boston Children’s was about to be targeted, and understanding the urgency of the situation, the cyber squad in our Boston field office raced out to notify the hospital.” By sharing the information with the hospital in time, the hack was fortunately blocked before taking place. Reuters reports that Iranian actors were behind the incident, and when discussing it, Wray stated that this factor reflects the growing threat of nation state sponsored attacks. That’s not all that this case represents though. It also highlights the overall cybersecurity risk that the healthcare industry faces.

According to a Help Net Security feature, increasingly advanced attacks are compromising critical elements such as patient privacy. A new study concluded that 22% of small practices and 45% of large practices have gone through ransomware experiences, which speaks to the rise in such events throughout the last three years. In fact, the healthcare sector has become the second highest in ransomware occurrences. On top of putting systems and data in danger, this trend is extremely costly. Jessica Davis at SC Magazine explains that it can run around $1.85 million to conduct a recovery effort, which puts under resourced facilities at a significant disadvantage. However, “On a positive note, these higher cybersecurity expectations are leading to improvements in cybersecurity,” writes Davis.

One such push is coming from senators who recently spoke to Congress about a proposal to implement cybersecurity reporting requirements in the healthcare field. A new bill presented for approval dictates that the Food and Drug Administration must release updated guidelines every two years and publish discovered device vulnerabilities on its website. As The Verge points out, such instruction comes after years of warnings around the security of medical devices, which have been confronted with evolving risks associated with the expanding dependence on IoT tech. Introducing requirements has the potential to make information and solutions to this issue more “accessible.”

Key Takeaways:

“Iranian-backed hackers targeted Boston Children’s Hospital, FBI chief says” – Nate Raymond, Reuters

https://www.reuters.com/world/us/iranian-backed-hackers-targeted-boston-childrens-hospital-fbi-chief-says-2022-06-01/

  • Last year, Boston Children’s Hospital was the target of an attempted cyberattack.
  • In recent comments on the incident, FBI Director Christopher Wray described how the agency was able to get information on the threat to the hospital in time to prevent the attack.
  • He stated that this case reflects the growing threat associated with nation state actors.

“Healthcare-specific cybersecurity problems and how to address them” – Help Net Security

https://www.helpnetsecurity.com/2022/06/06/healthcare-specific-cybersecurity-problems-video/

  • Increasingly advanced attacks are compromising critical elements of the healthcare industry such as patient privacy.
  • A new study concluded that 22% of small practices and 45% of large practices have gone through ransomware experiences.

“Ransomware attack recovery costs top $1.85M in healthcare” – Jessica Davis, SC Magazine

https://www.scmagazine.com/analysis/ransomware/ransomware-attack-recovery-costs-top-1-85m-in-healthcare

  • The healthcare sector has become the second highest in ransomware occurrences.
  • It can run around $1.85 million to conduct a recovery effort.

“Congress is finally taking medical cybersecurity seriously” – Nicole Wetsman, The Verge

https://www.theverge.com/2022/6/3/23153048/congress-medical-device-cybersecurity-hacking

  • Senators recently spoke to Congress about a proposal to implement cybersecurity reporting requirements in the healthcare field.
  • A new bill presented for approval dictates that the Food and Drug Administration must release updated guidelines every two years and publish discovered device vulnerabilities on its website.
  • Such instruction comes after years of warnings around the security of medical devices, which have been confronted with evolving risks associated with the expanding dependence on IoT tech.
Share

You Might Also Like...