In healthcare specifically there are several cybersecurity challenges. These include sensitive patient data, sharing of clinical and non-clinical information, as well as increased need to collaborate across departments, creates a wider attack surface which needs more active and regular security.
According to Mark Clark, VP Sales EMEA North, Onapsis healthcare providers need understand how devastating cyberattacks can be. In August 2022, for example, a ransomware attack caused massive outages at a number of NHS facilities. The outages affected everything from patient referrals to ambulance dispatch, out-of-hours appointment bookings, mental health services, and emergency prescriptions. It also puts patient data and ultimately, patients at risk.
A few years earlier, in 2017, it was hit by the infamous WannaCry attack which cost the health service £92 million and saw 19,000 appointments cancelled.
In the U.S., cyberattacks against healthcare organisations surged by 86 percent compared to the previous year, with a weekly average of 1,410 attacks.
Clark notes that this makes private healthcare providers vulnerable in the U.K., especially as they become more and more prevalent and grow in size.
In terms of the impact, Clark finds, in addition to financial costs: “Interruptions can cost patients life-saving diagnosis and treatment.”
As a response, Clark recommends that U.K. private healthcare providers scale-up their cybersecurity efforts as they grow.
Beyond that, Clark recommends: “Healthcare providers should also ensure that they choose security vendors with strong track records in the healthcare sector who can protect their critical business applications. The chosen vendor should also have a solid research team that proactively identifies the latest threats and how to nullify them. Moreover, the vendor should be open about sharing that research with its customers, ensuring that their own cybersecurity teams are able to deal with any new threats, identify any gaps across the attack surface and shore up any vulnerabilities.”
The threat is ever present and Clark says organisations are now being “urged to take a “when-not-if” mentality to cyberattacks, they should also look for a cybersecurity vendor that can help them put a solid breach response plan in place. Executed properly, such a plan can greatly mitigate the impact of a successful cyberattack and ensure business continuity.”
Consequently, says Clark: “It is therefore critical that healthcare providers prioritise their risk profile and engage the right vendors who can ensure they have the best possible protection against attacks and can respond appropriately when successful attacks take place.”