Ransomware continues to plague the healthcare industry overall, but most recently, we have seen attackers begin to focus on small healthcare organizations. In the past weeks, several healthcare organizations in the northeast were forced to shut down their HIT systems due to a malware attack. A ransomware attack disrupted patient care at a rural county hospital, and there is no evidence to suggest that attackers will not continue to target critical access and rural hospitals.
Not just small hospitals, but clinics and medical offices are also vulnerable. When Michigan-based Brookside ENT and Hearing Center refused to pay a ransomware amount of $6,500, hackers wiped out their entire IT system. In 2018, Colorado-based Central Colorado Dermatology reported that hackers penetrated their network, gained access to information on their server, including Patient Health Information, and launched a ransomware attack. In the last two months, there were numerous reports on several rural hospitals turning away new patients and even canceling surgery appointments after a rash of ransomware attacks hit them.
Rural and critical access hospitals, along with small practices, dominate the healthcare industry and are a vital component of communities across America. Rural hospitals alone provide essential health care services to over 57 million people in the United States. Yet, small medical organizations are plagued by the same kind of cyber threats as large organizations, and they are often worse. These threats occur because although small organizations have adopted modern technology, they are less likely to make significant investments in cybersecurity solutions needed to protect them.
Cybersecurity for rural and critical access hospitals is a growing concern as hackers are evolving with advanced code innovations. In 2018, the healthcare sector was the second-most attacked industry after the government sector—and there is a good reason why. National reports suggest that while hackers can sell credit card numbers for 10 to 15 cents apiece, a medical record can fetch anywhere between $30 to $500. Some reports even suggest that a patient’s full medical history can bring up to $1,000 in the darknet, as the hackers steal complete healthcare data.
Talent shortage is one of the biggest challenges facing the cybersecurity industry. According to the IT Security Organization (ISC)², 2.93 million cybersecurity positions are open and unfilled around the world. A dedicated internal cybersecurity team not just drains the IT expense budget for small hospitals but is also challenging to find. That is why small hospitals should look for a cybersecurity organization that acts as an extension of their IT team and not just a ‘vendor.’
Small hospitals must choose a cybersecurity partner who can think from an attacker’s perspective to design equally powerfully solutions, if not more, to impede hackers’ efforts. According to a recent study by IBM, conducted by Ponemon Institute, hackers spend an average of approximately 191 days in your systems before discovered. Critical access and rural hospitals should seek to deploy a next-generation Security Operations Center (SOC) to assure early detection and mitigation of threats. Another crucial factor is to address the need for medical device cybersecurity. All too often, diagnostic testing is a critical offering provided to the communities that small hospitals serve. Assuring that these medical devices are protected and do not disrupt patient care should be a priority. Ultimately, critical access and rural hospitals should look for a cybersecurity partner with solutions tailored to their specific needs and requirements.
Until recently, there was no comprehensive cybersecurity solution for critical access and rural hospitals in the market. That is why, Sensato Cybersecurity Solutions developed a program to address this market specifically. The Sensato-CARH (Critical Access and Rural Health) program provides a fully integrated network intrusion detection platform, host intrusion detection, deception technologies, asset fingerprinting, and more, along with a next-generation SOC that augments your on-the-ground teams. This one-of-a-kind program also provides policies and monitoring of your network, servers, network-connected medical devices, and patient care systems all in a subscription model.
Sensato was the first healthcare-specific cybersecurity firm. It since has been recognized as the most innovative healthcare cybersecurity firm and the only firm to have a memorandum of understanding with the FDA and H-ISAC for sharing and collaboration on medical device security.