The Ongoing Cyber Threat to America’s Healthcare System
Seema Verma
EVP & GM of Oracle Health & Life Sciences, Board Member, Advisor, and Former CMS Administrator
With each passing week, it seems another large and damaging cyberattack is inflicted on our healthcare system. Excellent and essential organizations are falling prey to the relentless and increasingly damaging attacks by cybercriminals and terrorists. But we are not yet responding quickly enough to protect sensitive patient and institutional data in this critical industry.
The numbers are staggering. In 2023, more than 100 million patients had their highly personal and sensitive healthcare and financial information put at risk, more than double the figure from a year earlier.
We’re only five months into 2024 and already there have been massive breaches impacting millions of Americans. This year will surely be worse.
The healthcare industry is its own worst enemy when it comes to cybersecurity. It has underinvested in protecting its assets compared to many other industries. A recent survey cited in Modern Healthcare showed the healthcare industry spent just eight percent of its annual IT budget on cybersecurity, ranking only above the retail sector.
The health industry has consistently resisted efforts to adopt mandatory standards to protect patient and institutional data. But for some, it is a matter of means versus desire. Smaller systems and hospitals often lack the resources to adopt rigorous standards without assistance from the federal government.
So, it’s no surprise that the White House has weighed in with its intention to impose minimum cybersecurity standards on the industry - although no specifics have been given on the nature or timeline of those standards. Nor was there mention of government funding to support adoption.
In 2009, the federal government drove the connectivity and increasing interoperability of the healthcare system with the financial carrots and sticks it included in the HITECH Act. This encouraged providers to adopt electronic health records and increase patient privacy protections. This interconnectedness is now an established fact of our healthcare ecosystem. And as technology advances, the system is going to become even more, not less, connected.
We can’t and shouldn’t want to go back to the days of paper files and faxed records. At the same time, we must also acknowledge the inevitable challenges this invaluable connectedness creates. The old adage that you’re only as strong as your weakest link applies to the cybersecurity of our healthcare system.
There are too many weak links, and they are not being identified and fixed quickly enough. Having compelled greater connectivity among healthcare organizations, the federal government should also require tougher cybersecurity standards and provide funding to subsidize the cost for those organizations which need help to implement rigorous protections.
领英推荐
It is also increasingly clear, and unsurprising, that human error is playing a key role in cybercrime and terrorism. Hackers count on exploiting mistakes or weaknesses in the design of cybersecurity systems, as well as the regrettable, but inevitable, gullibility and naivety of some users who can’t resist or fail to recognize a clever phishing ploy or other social engineering attack.
At Oracle, security is part of our organizational DNA. That’s why we’re focused on providing the healthcare industry with effective solutions to the ever-increasing challenge of cybersecurity.
While no system is bullet proof, our Oracle Cloud Infrastructure (OCI) provides healthcare customers with the same military-grade security that protects the most sensitive data of our national defense agencies and governments around the world. Running on OCI not only enhances security but also boosts operational efficiency and facilitates the swift adoption of built-in, cutting-edge innovations, such as generative AI capabilities.
The security-first design principles we adhere to at Oracle—automated security measures, always-on monitoring, and foundational security integration—should be healthcare industry standards and mindsets adopted by all. By fortifying our defenses from the ground up, we can create a more robust healthcare infrastructure resilient to the evolving landscape of cyber threats and ransomware.
Most recently, we launched our Autonomous Shield initiative to support our customers move to the cloud – at our expense. This initiative both simplifies customers’ migration to our cloud and takes human error out of the equation. Our autonomous databases and operating systems constantly patch and protect against the latest vulnerabilities, thus providing automated updates that will help our customers fortify their cyber defenses. Larry Ellison and I wrote about the importance of autonomous systems in a WSJ op-ed last month .
We are at a critical moment for the healthcare industry. Our industry must recommit to making cybersecurity resilience a top priority. The public’s faith and trust in the system is at risk, as is the ability of providers to care for patients.
I was struck recently by a quote from an article about healthcare cybersecurity that goes to the heart of this matter. “Just as hand washing is a foundational element of modern medicine, cyber hygiene must be regarded as a basic and essential component of a functioning (health) system.”
Failure to exercise proper cyber hygiene is just as dangerous to patients and threatens the fundamental mission of our healthcare system at a time when it is already under great stress. We must address this problem immediately. Effective solutions are at hand if we choose to engage them.
Available for an immediate transition to the BA role due to RMG reporting, ready to tap into new opportunities. PV Domain Consultant ?? | AI-Powered BA ???? | AI Integrator ?? | Cybersecurity Learner ??
3 个月As an AI-powered Business Analyst, I support and advocate for these advancements and encourage continued innovation in cybersecurity to safeguard our healthcare infrastructure. By embracing these solutions, we can protect patient data, uphold the integrity of healthcare services, and ultimately, save lives.
SEO Executive | Digital Marketing | Keyword Research | Competitor Analysis | Ahref | Link Building
4 个月Seema Verma I hope this message finds you well. Your work in this area is commendable, and I found it to be quite informative. I've been conducting research with my team in this field as well and we have authored an article titled “Alarming Healthcare Cyberattacks Statistics” "https://www.vpnranks.com/resources/healthcare-cyberattacks-statistics/". It offers a more recent and in-depth analysis, particularly focusing on the increasing frequency and severity of cyberattacks in healthcare and the critical need for improved security measures.. I believe our article could serve as a valuable complementary resource for your readers, providing them with additional insights and enhancing the relevance of your post. It may also help drive further traffic to your page. I would be honored if you would consider including a link to our article. I’m also keen to hear your thoughts on my work and welcome any constructive criticism you might have. Thank you for your time and consideration. I look forward to continuing to follow your impactful work. Best regards, Waseem
VP People | Employment Attorney| Board Advisor| HRBP for C Suite|
5 个月Great read here. We have to first peotect before we can help. Thanks for sharing Seema Verma
Lead Engagement Executive at Oracle Health
5 个月100% agree. It is the “new” warfare! Unfortunately, does not follow the rules of engagement. Such as do not attack the elderly, children, or ill. So evil!
Chief Optimus at Adherence | ai and mL Morisky Medication Adherence Scales | MMAS-4 MMAS-8
6 个月I agree as well. Recently, I discovered that a company took my product and built software on their own platform for other large specialty pharmacy companies to use. We must be vigilant and take a zero tolerance view on this.