The attack surface for healthcare organizations is growing every day. Vulnerabilities compromising security postures include:
- Legacy systems
- Fragmented infrastructures
- Innumerous applications and IoT devices
And much more.
Let’s take a moment to talk about legacy systems—legacy operating systems and other software present a significant vulnerability to healthcare organizations. Why?
Manufacturers don’t support outdated systems and therefore aren’t updating them with security patches to prevent cyberattacks.
The 2021 HIMSS Healthcare Cybersecurity Survey Report revealed, “more than one-third of health systems still have devices running Windows Server 2008 and Windows 7, both of which haven’t been supported by Microsoft since January 2020. Even worse, 1 in 5 are still running Windows XP, which hasn’t been supported since 2014.”
As more and more hospitals and healthcare organizations move their operations to the cloud, bad actors have been taking advantage—targeting the new cloud resources and stealing the data before “delet[ing] cloud backups to prevent recovery.”
In fact, things are getting so bad that in early March 2023, the Health Sector Cybersecurity Coordination Center (HC3) sent out a security warning about data theft in healthcare cyberattacks.
According to the Department of Health and Human Services, “28.5 million records were exposed in the second half of 2022” alone, with 44 million records compromised in total.
Dawn O’Connell, HHS Assistant Secretary for Preparedness and Response, elaborated in a HIPAA journal article that since“[h]ealthcare cyberattacks are among the fastest growing type of cybercrime–jeopardizing patient care, damaging the integrity of health care systems, and threatening the U.S. economy…healthcare organizations must safeguard their information technology systems to help prevent attacks and create a culture of cyber safety in the health care industry.”
And thankfully, as cyberattack risks do increase, HC3 has made recommendations on best mitigation practices, including:
- Increasing security awareness and implementing best practices
- Evaluating risks for every application and interaction with data
- Performing periodic audits to ensure protocols are being followed
- Monitoring systems and completing comprehensive logs
How secure is your infrastructure? Start optimizing your infrastructure and creating your culture of cybersecurity with our Technology Roadmap Checklist.