What 2022 has in store for Healthcare CyberSecurity

The pandemic not only brought an unprecedented health crisis, but also created a huge security challenge for hospitals. It exposed the security deficits of healthcare systems, leaving them vulnerable to cyberattacks. Unlike other industries where financial and reputational loss is the biggest worry, human lives are on the line in the healthcare industry. This means healthcare organisations have a diminished power to negotiate – a situation cyber criminals are ruthlessly exploiting.

So, how can healthcare providers stay a step ahead of threat actors? I have outlined key cybersecurity predictions that will help them prepare better in 2022.

5 security trends to watch out for in 2022

1. Hacking will get more sophisticated

Cyberattacks on hospitals have been gaining momentum over the year, but the pandemic truly put them under the spotlight. We witnessed cybercriminals taking undue advantage of the fact that healthcare systems were overwhelmed and completely absorbed in taking care of patients. Additionally, inadequate security measures made them vulnerable and easy targets for hackers. By the end of 2020, security breaches costed healthcare companies a staggering US$6 trillion!

Since, then healthcare institutions have learnt to be better prepared for the pandemic, as well as cybercriminals. We have seen hospitals and other providers boosting their security efforts. Unfortunately, hackers have learnt too and are planning more sophisticated attacks. They now know better what tactics to use, which systems to attacks, and more. Experts believe that in 2022 instead of attacking any and every healthcare institution, hackers will now assess where most vulnerabilities lie and where they can get their hands on the most bounties to plan their attacks.

2. Insiders to continue to be the biggest threats

As they say, you are only as secure as your employees. An organisation’s biggest strength can also be their greatest weakness. Healthcare workers are human and bound to make mistakes, which became evident in the last two years. We saw many healthcare organisations finding themselves in a pickle due to employee blunders. It was a combination of oversight due to exhaustion, carelessness and even intentional violation of security protocols for personal gains.

Whether it is data breaches or data theft, insiders will remain the biggest threats to healthcare companies in 2022. A study has revealed that negligent breaches and insider attacks are in fact twice as likely to happen than malicious attacks by external forces such as hackers. Hospitals and other healthcare organizations will have to take cognizance of this imminent threat and put in place security measures such as performing risk assessments, implementing access control, endpoint security systems, encryption, intrusion detection, and more.

3. Ransomware attacks to evolve and grow

Ransomware attacks have proven to be the bane of the healthcare industry. Ransomware attacks alone costed healthcare organisation US$20 billion in 2020. This further skyrocketed in 2021 and will only exponentially multiply in the current year as cybercriminals professionalize. While encrypting mission-critical, sensitive data and demanding a ransom has been the modus operandi of cyber criminals so far, experts believe that they will change tactics in 2022.

With a focus on data exfiltration, threat actors will evolve to double extortion. They will access a healthcare company’s data, copy it and transfer it outside the company network for their financial gain. They will now exfiltrate and encrypt data, and then demand a ransom. As data exfiltration happens under the radar, they are less likely to get caught. Hence, there is also a possibility that we will see less encryption-only attacks, and more data exfiltration-only attacks.

4. Healthcare providers to focus on third party vendors

While ransomware or hacking is the ‘how’ when it comes to targeting healthcare providers, third party vendors in their supply chain comprise the ‘where’ to attack. Third party vendors unwittingly provide entry points to a healthcare organisation’s sensitive data to cyber criminals.

If a third party’s system or equipment has a vulnerability, it can quickly spread across the company or even to partner facilities via its network. On the other hand, if a major supplier is attacked and shut down, it can have catastrophic ramifications on patient health. This is why healthcare providers will have to pay attention to third party equipment, data they handle, and more. As we step into 2022, the healthcare industry will have to prioritize IoT and medical device security to ensure comprehensive security.

5. Hospitals will strengthen cybersecurity efforts

In light of these ever increasing and sophisticated cyber attacks, it goes without saying that healthcare providers have to up their game if they want to safeguard themselves and their patients. In 2022, we will see a turnaround – where earlier security professionals such as CIOs and CISOs were pushing senior management to approve budgets for security deployments, now hospital boards will mandate action to raise the level of cyber security.

The financial risk of the payout, revenue loss and reputation loss will force hospital boards to prioritize security implementations. According to a recent industry study, hospitals lose up to US$80,000 per hour in revenue when their operations are shut. When attacks shut down healthcare facilities for days or weeks, the losses incurred are irrecoverable.

Last words

Just like the game of chess, healthcare companies will have to plan their moves ahead of time. Cyber criminals are getting smarter by the day and healthcare organizations will have to leverage new-age security technologies, educate employees and adapt to the ever-changing threat landscape to checkmate threat actors at their own game.

Sources for statistics:

Hackers and insider threats: https://techjury.net/blog/healthcare-data-breaches-statistics/#gref

Ransomware: https://www.beckershospitalreview.com/cybersecurity/ransomware-attacks-cost-healthcare-orgs-20-8b-in-2020.html

Hospitals to strengthen efforts: https://thejournalofmhealth.com/cyber-security-in-2022-what-it-will-mean-for-every-health-delivery-organisation/

Healthcare Radius Magazine Article Link: https://www.healthcareradius.in/emagazine?id=14732

Article: https://bit.ly/3KrmeFT