Healthcare News & Insights

How healthcare facilities can improve cybersecurity

The healthcare industry continues to be a favorite target of hackers. And the only way this will stop is for hospitals to take control of their technology. In this guest post, Keenan Skelly, VP of global partnerships and security evangelist at a market leader in next-generation cybersecurity readiness, offers a few ways facilities can strengthen cybersecurity and prevent future breaches and cyberattacks.


Changes in the digital age and healthcare communication have greatly impacted how clinical professionals use medical devices, perform patient care, and conduct business operations safely and securely online. Electronic health record (EHR) mandates and widespread adoption of mobile devices have accelerated at such a rapid pace that healthcare cybersecurity departments within hospitals, institutions and clinics can be prone to oversights that unintentionally invite malicious hackers inside. The healthcare industry is one of the critical infrastructure sectors that has been, and continues to be, targeted for data exploitation, ransomware and security threats.

Healthcare cybersecurity statistics

To understand how healthcare cybersecurity professionals can leverage tech advancements to help keep records and data secure, we must know what the industry has experienced thus far:

Cyberattacks happen frequently across many kinds of industries, but a breach at a hospital facility or one that impacts medical devices can have life-threatening effects. Data breaches and cyberattacks like the ones mentioned below are typically caused by unencrypted devices, lost and stolen devices, outdated systems or a sheer lack of cyber personnel – all of which contribute to the industry’s security vulnerabilities. Those looming risks allow cyber criminals to steal financial and billing information, patient records, and even bank account numbers from hospitals and medical facilities.

The following healthcare organizations have experienced cyberattacks – and likely more have gone unreported. (This infographic offers a visual representation of cyberattacks and more.)

  • SSM Health in St. Louis: A former call center employee accessed 29,000 patient records including demographics and clinical information. The former employee didn’t have access to financial information, according to the statement.
  • 21st Century Oncology of Fort Myers, FL: An unauthorized third party gained access to a company database, putting 2.2 million individuals at risk. Data stolen may have included patient names, Social Security numbers, physician names, diagnosis and treatment information, and insurance information.
  • UNC Dermatology and Skin Cancer Center in Burlington, NC: A stolen computer contained records for roughly 24,000 patients, detailing names, addresses, phone numbers, birthdates, Social Security numbers, employment status and employer names.
  • Sinai Health System in Chicago: A phishing scam affected approximately 11,350 people of the seven-member hospital system. The investigation reported no financial information was compromised but patient information may have been compromised.
  • Henry Ford in Michigan: A cybercriminal accessed email credentials from a group of employees to view and steal the data of 18,470 patients. While the email accounts were password protected and encrypted, the hacker accessed patient names, dates of birth, medical record numbers, provider names, dates of service, health insurer, medical conditions and locations.

To prevent even more healthcare facilities and organizations from being breached, there are several efforts underway by all cyber professionals and leaders to stay ahead of the hackers with preventive and proactive security strategies.

The right medicine: Stopping healthcare cybersecurity threats

Cybersecurity threats start and end with the people controlling the use and deployment of technologies. They have the ultimate power to create a secure cyber environment and prevent a cyberattack from happening. Advocating for a “data privacy first” mentality places people at the center of cybersecurity in the healthcare industry. Here are a few ways to strengthen cybersecurity in healthcare facilities to prevent future data breaches and cyberattacks.

Personnel and planning

Having the right cybersecurity team is key. More than 60% of organizations don’t have qualified cybersecurity technicians in house. Cybersecurity professionals can engage in persistent learning and skill-building opportunities to understand how to protect patients, minimize security risk and identity data theft. There are various training platforms on the market that can help upskill cyber teams. Likewise, new talent should be made aware of the security protocols and policies during onboarding, and presented with opportunities to continually assess their security efforts and identify areas for improvement. Hiring managers, too, can better qualify candidates during the evaluation process by using platforms to test their security skills and aptitude.

Proper device security

Device security is important to minimize cybersecurity risks for healthcare facilities. Actually, 78% of devices in the medical field are unsecured or have weak security. Medical devices provide the data needed to help professionals make the right diagnosis decisions, but they can also be easily tampered with. To maintain the security of these medical devices, it is recommended to keep software updated, to set up strong passwords, and to not use the same password for multiple devices. Also, your staff should be instructed to re-authenticate the devices on occasion. This could be a policy you set in place in your healthcare facility that takes place a couple of times a year. Also, make sure the devices are locked or turned off when they aren’t in use. Finally, house data on internal applications and servers instead of external applications, to limit exposure to the outside world.

Wise budget spending

As of 2018, healthcare providers spend about 5% of their total information technology budgets on security, according to Gartner. Across 13 industries measured, the average spend was 6% on information technology security. To increase budget for cybersecurity purposes, look at where it’s currently being allocated and what the ROI is. For example, invest in the right training programs for your cybersecurity team, ones that provide a more efficient, hands-on training outlet and minimize off-site course costs like travel and hotel. Also, ensure you’re running on updated systems. It’ll be more cost effective in the long run and protect from potential risks. Smarter budget spending for your healthcare facility will help improve the team’s ability to prevent imminent cyber threats and protect past, current and future patient and hospital data.

There’s a lot of opportunity to leverage the people defending our health networks and better utilize the digital technologies available to empower them to make smart defensive decisions based on persistent training and skill building. Protected health information and patient security are of utmost importance to individuals in the field and to patients, so if cyber professionals and non-cyber professionals alike can better understand how to improve data security, keeping the above recommendations in mind, patients and the facilities that treat them will be better protected.

Keenan Skelly is VP of global partnerships and security evangelist at Circadence, a market leader in next-generation cybersecurity readiness.

