
Not All Life Savers Wear White Coats

Oct 05, 2020

Not All Lifesavers Wear White Coats by Anastasios Arampatzis

During the COVID-19 public health crisis, cyber criminals took advantage of people’s growing need for information about the pandemic to launch an increased number of attacks against healthcare providers. The exponential growth of these cyberattacks is posing a considerable threat to civil society, government institutions, and most particularly, the healthcare sector. Despite a wake-up call following the WannaCry crisis, healthcare cybersecurity still lags. As a result, in this time of emergency, cyberattacks may not only have an economic and reputational cost but may also have an impact on human life.

To help healthcare organizations focus on the delivery of mission-critical services, cyber volunteer initiatives have emerged to provide free assistance to healthcare organizations. Although this support is a welcome development, evidencing the solidarity of the cybersecurity industry, it also highlights the urgent need to safeguard the healthcare industry against cybersecurity incidents and breaches.

A Lucrative Target

In fact, cyberattacks against healthcare providers are nothing new. The use of electronic systems to manage electronic Protected Healthcare Information (ePHI), the need for information sharing between agencies and the value of health records on the dark web are the main driving factors behind the increase in cyberattacks against healthcare providers.

Many reports demonstrate that ransomware, configuration errors and social engineering attacks are on the rise, placing healthcare at the top of the targeted industries. According to the latest edition of the Verizon Data Breach Investigation Report, these data breaches were mostly financially motivated, while the criminals escaped with personal and medical data.

Security Balances with Life

The importance of the healthcare industry to the welfare and prosperity of every society on Earth is underpinned by the fact that the sector is part of the national critical infrastructure, because, according to the EU Network and Information Systems (NIS) Directive, “a single incident can and will have significant disruptive effects affecting a wide range of societal and economic activities.” One look at the recession that economies are suffering because of the COVID-19 pandemic is enough to convince even the last skeptic of the criticality of the healthcare industry. The “response and recovery” capabilities of the sector “play a significant role across all other sectors in the event of a disaster,” adds the US Cybersecurity and Infrastructure Agency (CISA).

In the event of a natural disaster or a virus outbreak, a malicious cyber incident coupled with the increased demand for healthcare services may impact the ability of the sector to adequately meet surge demands, with severe consequences for patient care. A cyber incident at any healthcare organization has real life and death implications.

The uniqueness of the healthcare sector, where security balances with life, has made the sector a highly regulated one. The aim is not only to ensure that drugs are safe and effective. It is also to protect the confidentiality and integrity of patients’ personal information. Regulations like HIPAA in the US, PIPEDA in Canada, GDPR and NIS in the EU mandate the physical and cyber security and privacy of health records, whether they are on paper or electronic. Along with security requirements, these government regulations dictate heavy fines for data breaches. According to the US Department of Health and Human Services (HHS), responsible for the enforcement of HIPAA, the most frequent compliance issues are related to the impermissible uses and disclosures of health information and the lack of safeguards for these data.

Security and Privacy Professionals Wanted … Is that you?

However, despite all these alarming issues, hospitals lack skilled cybersecurity and privacy professionals. Recent reports have indicated that three in four hospitals do not have dedicated cybersecurity practitioners or that almost half of them do not have a CISO. These reports reveal a lack of cybersecurity training and awareness among healthcare workers, leaving the organizations vulnerable to the criminals’ appetite to wreak havoc and disrupt the national public health system.

It is more evident than ever that the healthcare industry needs enthusiastic and keen security and privacy professionals committed to helping human lives. Will that be you?

You Can Make an Impact!

Joining the healthcare industry as a security and privacy professional comes with many benefits. Many will say that there is zero unemployment or that your career growth might be unlimited, but the biggest benefit is that you can make an impact.

Although cyberspace can be abstract, cybersecurity in the healthcare industry can impact human lives. An attack on a pacemaker in an elderly patient, for example, can have deadly effects if not mitigated effectively.

While a security incident in other sectors may entail temporary business disruption, penalties, and damaged reputation – things that can be restored over the course of time – security incidents in the healthcare industry are closely related to human lives. When healthcare providers fail to mitigate risks, security incidents have real life and death implications. Being a member of the healthcare cybersecurity profession is not only about business. It is about being part of a team that saves human lives, protects the patients we serve and ensures the delivery of life-saving services.

Cybersecurity matters. It has impacts that extend beyond the digital world and into the physical one. That is a terrifying and exciting prospect and one that highlights its importance.

If you want to work on IT issues that have real-world impact, healthcare cybersecurity is the discipline for you.

Start Learning! Get Certified!

Whether you are a university graduate developing your career who wants to specialize in healthcare cybersecurity or you are kickstarting a second career, being able to demonstrate your knowledge and skills can make you stand out from the competition. Hiring managers want to see proof of your practical experience. Therefore, having a certification in healthcare security and privacy can be one of the most essential qualifications when applying for a vacant cybersecurity position.

(ISC)² is the leader in security certifications and is acknowledged by companies worldwide. (ISC)² can help you discover the right path, create your plan, and thrive throughout your career. And the best way to start building your career in cybersecurity is by earning the (ISC)² HealthCare Information Security and Privacy Practitioner (HCISPP) certification.

The HCISPP certification covers everything you need to know about privacy and security in the healthcare industry and is therefore ideal for IT administrators, managers, directors and privacy and security professionals responsible for safeguarding patients’ sensitive medical data. The certification shows you have the advanced technical skills and knowledge to implement, monitor and administer the healthcare infrastructure using privacy and security best practices, policies and procedures.

Not All Life Savers Wear White Coats

As the healthcare industry relies more and more on technology to provide high-level services, medical staff need to be assured that they can use this technology safely to save human lives. You can be part of these amazing teams and “protect the patients they serve and ensure delivery of lifesaving services.”

To learn more about healthcare cybersecurity, read Not All Life Savers Wear White Coats, our latest white paper.