While ransomware and DDoS attacks attract attention for news on hospital cybersecurity, it is more often internal cultural and technological vulnerabilities that cause dangerous and ongoing healthcare data breaches.
Hospitals face high risks due to the network links with external agencies and partners, and there are numerous instances of ransomware and malware attacks on hospitals and institutions, causing frequent and disruptive damage. But more often, it is weak spots in legacy systems and new applications that cause higher damage. Clinicians working around medical device security protocols expose the risks of vulnerability in the IoMT.
In April, the U.S. Department of Health and Human Services reported 44 healthcare data breaches for the month, a record. The fact that the number of individuals affected fell by 29% from 963,794 to 686,953 compared with March was not exactly grounds for optimism, given the potential scale of the impact.
A Verizon 2019 Data Breach Investigations Report underlines the high level of risk that can be attributed to internal processes and lack of policy enforcement, in security vulnerabilities of hospital data. In fact, the report says that 59% of all attacks are due to internal processes and policy enforcement failures while data leaks due to external threats only stand at 42%.