26 Jul 2016


According to a recent two-year study of hospitals and other organizations related to the healthcare industry, medical facilities on the whole are woefully unprepared for the threat of increasingly sophisticated hackers. More specifically, their defense is focused almost exclusively on protecting patient records and is typically reactive rather than proactive. The defenses that do exist are meant to stop blanket and more rudimentary hack attempts.

While most strategies have been designed to protect patient data, they don’t take into account how disruptive something like a ransomware attack can be to a hospital’s daily operations. That aspect is in some ways a greater threat to a hospital, as it can interrupt the care of sick patients. For example, Hollywood Presbyterian Medical Center had its files held hostage and was forced to switch to pen and paper after being hit with a ransomware attack. It only regained access after paying $17,000 to the cybercriminals responsible. Hollywood Presbyterian isn’t the only medical center to be essentially shut down by hackers this year. The Los Angeles County Health Department, Chino Valley Medical Center, Desert Valley Medical Center, Kentucky’s Methodist Hospital, and MedStar Health in Washington DC have all been affected.

In all likelihood it is going to be impossible to prevent every intrusion, so part of any organization’s plan should be to mitigate the outcome of those intrusions. Unfortunately, most organizations aren’t up to the task. More than 80% spend less than 6% of their IT budget defending against cyberattacks, with more than 50% spending less than 3%. This is a fairly damning figure considering that comparable industries like finance spend 12% or more. Almost 75% say that security is discussed some of the time in board meetings, or worse, upon request.

With this information in mind, here are the top five cybersecurity issues facing the healthcare industry today:

  1. Ransomware. Healthcare organizations are a huge target for cybercriminals because, unlike other industries that have invested in cybersecurity, medical facilities have not. They also cannot afford to have their systems shut down, since it could literally be a matter of life and death. More importantly, they have the money to pay ransoms, and often do. Ransomware is a low-risk, high-profit scam, and as long as hospitals remain unprepared to deal with it and continue to pay off hackers, the threat will continue to grow. At the bare minimum these facilities need to have a robust backup system, limit permissions, and keep all their software up to date.
  2. Phishing awareness. While ransomware may be how cyberthieves attack, phishing is how they get into an organization’s systems. Everyone needs to be trained to recognize a phishing attack, but especially executives, so they don’t become victims of “whaling”. Executives have greater access to a medical facility’s systems, so when they are targeted and fall victim to phishing, hackers can do everything from transferring funds to installing ransomware.
  3. Executives need to be up to date on cybersecurity. Unfortunately, most executives aren’t sufficiently knowledgeable about security threats. This leads to security being a low priority and to a strategy that is more reactive and less about preparedness. It’s up to the executives in charge of IT to present security information and threat assessments in ways other executives can understand. Security needs to be prioritized to the extent that every board meeting has a security report in the same way it has a financial report.
  4. Application security. When people think about encrypting data, they’re thinking about when it is stored or transmitted, but very few consider what happens when that data is being used by an application. During that time, data is decrypted and can be exposed not only to the general public, but to unauthorized users. In the financial industry, this is a priority, but in healthcare it isn’t. While application security tends to be a step above, it is an inevitable one.
  5. IoT is coming. The Internet of Things (IoT) is a term used to describe the interconnectivity and often web-enabled aspects of modern technology. While this offers a lot of convenience in our everyday lives, when it comes to medical devices, it is a potential nightmare. In most cases manufacturers are more concerned with convenience and ease of use than with the security risk these devices carry. While most hackers are more interested in financial gain than in causing physical harm, this area has not been adequately addressed. With the rise of internet-driven global terrorism and proof-of-concept attacks on devices like insulin pumps, this is a concern that needs to be considered.
