Cybersecurity & Cyber Threats in Healthcare Organizations

Cybersecurity & Cyber Threats in Healthcare Organizations

Aurore Le Bris, Walid El Asri

Abstract:

Cybersecurity has become a strategic issue for healthcare facilities. This current risky situation comes from an internal double threat: the misuse of IT systems by employees due to their low risk awareness and the lack of proper funding dedicating to Information Security. Simultaneously, the democratization of hacking techniques has also increased the number of potential perpetrators and the variety of their profile. The multiplication of healthcare facilities hit by such attacks reveals how absolutely necessary the question of cybersecurity is. Thanks to the mediatization of these incidents, concerns now grow among general public and authorities, which trigger more and more initiatives to turn things around: FDA, AHA, HITRUST in the USA. A move towards more coordination in necessary. Furthermore, facilities’ staff is essential in solving the hacking issues. Indeed, cybersecurity cannot be improved without training employees to use devices properly, raising their awareness on cyber threats and ensuring their compliance with security policies.

Introduction

Cybersecurity has become a crucial issue for many organizations but also for private individuals. As well as for “regular” crime, anyone may become a target of ill-intentioned people, exploiting the vulnerabilities of information systems (IS) in any possible way. Healthcare organizations are some of the entities we trust the most and that hold the most sensitive information about us: name, date and place of birth, medical records, social security details, etc. Suffering from many flaws (low budget, lack of IT organization, excessive use of legacy systems…), healthcare actors have become easy targets for hackers, facing more and more pressure and threats from them (Fu and Blum, 2013).

This article aims at depicting the current state of cybersecurity in healthcare organizations as well as at understanding the main cyber threats they face and how these last ones could be addressed.

First of all, the stakes and risks associated to the healthcare environment will be presented. The different types of assets likely to be targeted will be reviewed as well as the profile of the potential attackers/threats and their objectives. Then, examples of attack scenarios – that occurred in real life or pentests – will be studied in order to highlight the consequences they may have on healthcare IS. Finally, the current state of cybersecurity in healthcare facilities will be portrayed and possible measures to enhance it will be discussed.

The following strategic report assess new risks and threats towards healthcare facilities and organizations. Read the full report here:
Cybersecurity & Cyber Threats in Healthcare Organizations

References

Fu, K., & Blum, J. (2013). Controlling for cybersecurity risks of medical device software. Communications of the ACM, 56(10), 35-37.

This work is licensed under a Creative Commons Attribution 4.0 International License.

Leave a Reply

Your email address will not be published. Required fields are marked *