Healthcare providers and organizations are investing in cybersecurity with the growing pervasiveness and sophistication of cyber crime. Cyber criminality is becoming both more anonymous and more lucrative, opening the market for hackers and other cyber criminals to prey on healthcare providers. Despite the healthcare industry estimated to spend $65 billion on cyber security through 2021, cyberattacks are expected to quadruple by the year 2020. Regardless of financial precaution, cyber criminals are being aided by certain factors the healthcare industry has yet to remedy:
Matt Anthony, vice president of incident response at the Herjavec Group commented recently, "Bitcoin is the engine for cybercriminality"; it allows criminals to be paid with complete anonymity. Bitcoin very nearly eliminates a large section of risk for cyber criminals, allotting them a certain degree of secrecy. As long as there is a way to conduct business wherein identities are kept private and secured, organized crime will continue to remain pervasive.
There still remain multitudes of healthcare providers that operate on legacy hardware, connected systems, and Internet of Things devices that are not built with prioritized security. Data backup strategies are either ineffective, or have not been tested with any frequency. Hospitals and healthcare organizations that have not been faced with attack, or been met with tangible risks forcing them to investigate their hardware and data storage are left vulnerable to cyber attacks.
If breached, hospitals are more incentivized to pay up, as in cases where attacks are successful, the healthcare organization is under prepared, improperly funded, or unable to secure the breach due to outdated systems and other improper hardware. So, instead of trying to remedy the system themselves, the hospital is forced to yield to the will of the cyber criminal.
Tools and practices are improving via overhaul and investment as healthcare providers are placing increasing importance on their system security. The sheer amount of money being poured into security over the next five years should improve the industry as a whole, but individual hospitals and providers must understand the landscape of cyber criminality to ensure their own specific entities are safe, or at least prepared.