Healthcare sector faces cyber threats, warns Health-ISAC CSO | IT World Canada

March 1, 2024

TLDR:

  • Healthcare organizations are facing a rising number of cyber attacks, particularly ransomware.
  • The sector is facing a lack of resources, including budget and appropriately trained staff, to support cybersecurity programs.

Health-ISAC’s Chief Security Officer, Errol Weiss, warns that healthcare organizations are “stretched thin” in the fight against cyber attacks, particularly ransomware. The sector is facing a lack of resources, including budget and appropriately trained staff, to support cybersecurity programs. Two recent reports highlight the challenges faced by the healthcare sector, with ransomware attacks steadily increasing throughout 2023. The latest examples include attacks on Change Healthcare and Chicago’s Lurie Children’s Hospital. Health-ISAC, in collaboration with the American Hospital Association, released a report on current and emerging healthcare cyber threats, revealing a high number of data thefts in the sector.

Despite the pressure on healthcare organizations to pay ransom demands due to the sensitive patient data they hold, Weiss believes most ransomware attacks are opportunistic. However, once inside the network, attackers may resort to pressure tactics, including threats to release sensitive information. The biggest mistakes organizations make in cybersecurity include not backing up data regularly, not patching vulnerabilities fast enough, and not implementing multifactor authentication to protect logins.

Weiss emphasizes the need for more financial and human resources in the sector to address cybersecurity risks effectively. He suggests that government support, such as tax breaks for purchases and training IT staff, can help organizations improve their cybersecurity posture. Without adequate resources and measures, organizations will continue to be vulnerable to evolving cyber threats, leading to potential data breaches and financial impacts.
