Healthcare in the Crosshairs: A Deep Dive into Cybersecurity Challenges

ARTICLE | July 04, 2024


Cybersecurity in healthcare is becoming increasingly critical in the digital age. With the escalating number of cyberattacks and data breaches targeting healthcare institutions, protecting vital information has become essential for the normal functioning of such organizations. The recent cyberattack on UnitedHealth Group’s subsidiary, Change Healthcare, is a stark reminder of the potential risk these institutions face.

Healthcare organizations are attractive targets for cybercriminals due to their vast collections of sensitive patient information and their often limited resources and outdated software systems. The increasing trend of hospitals succumbing to ransom demands invites further attacks. For instance, in 2023, the U.S. healthcare sector recorded the highest number of ransomware attacks among the 16 critical infrastructure sectors tracked by the FBI.

The cyberattacks on healthcare institutions not only cause significant financial losses but also disrupt patient care. During these attacks, hospitals must revert to manual processes and divert ambulance traffic to other facilities. In some extreme cases, hospitals have had to shut down, causing patients to travel further for treatment, with sometimes fatal consequences. Furthermore, the financial implications of these attacks can strain healthcare providers’ IT budgets, making it even more challenging to upgrade their computer systems.

A significant challenge in healthcare cybersecurity is the prevalence of legacy systems. These systems are often outdated and no longer supported by the manufacturer, making them vulnerable to attacks. Upgrading these systems can be costly and may not always be feasible due to compatibility issues with the existing equipment. 

Another challenge is the lack of stringent regulations governing healthcare data security, leaving cybersecurity decisions largely to individual healthcare providers. However, potential changes may be on the horizon, with the Biden administration indicating a desire for the Health and Human Services Department to set baseline cybersecurity requirements for healthcare providers.

It is not only healthcare providers that need to bolster their cybersecurity measures. Patients need to understand how to securely communicate with their healthcare providers, particularly when engaging virtually. Regular security awareness training for healthcare workforce members is also crucial to thwart phishing attempts and other potential threats.

Moreover, the role of vendors in healthcare cybersecurity should not be underestimated. A vendor's lax security policies can pose a risk to the healthcare organization. For instance, stolen vendor credentials or compromised vendor accounts can lead to a compromise of the healthcare organization’s information technology resources.

Bolstering cybersecurity in healthcare requires a multi-faceted approach involving all stakeholders. Strong security measures, such as appointing a chief information security officer (CISO) to develop strategic plans to safeguard against threats, can help. Healthcare providers need to actively work on maintaining physical security, upgrading legacy systems, enhancing email security, and training their workforce on potential threats.

In conclusion, the increasing threat of cyberattacks in healthcare necessitates stronger and more comprehensive cybersecurity measures. As healthcare providers increasingly rely on digital solutions for their operations, prioritizing cybersecurity is no longer optional but a necessity to ensure the safety and security of patients' information and the integrity of healthcare services.
