Navigating Cybersecurity Challenges in Healthcare

Healthcare cybersecurity challenges continue to escalate. Healthcare is a prime target for cybercriminals, as healthcare organizations often house sensitive and personal data, and the already complex space received even more threats in the wake of the pandemic and telehealth expansion.

So, how exactly can healthcare entities best manage security concerns? It’s not an easy answer, but one that requires a multi-pronged approach.

Is Your Healthcare Organization Meeting Cybersecurity Standards?

The first part of having a robust cybersecurity plan is meeting standards, specifically the NIST CSF (National Institute of Standards and Technology Cybersecurity Framework). The framework was developed in 2014 and stands as the gold standard for proactive cybersecurity initiatives.

While the framework covers every aspect of security, it’s not always easy for organizations to implement. A report from a cybersecurity consulting firm confirmed this assumption, finding that only 44% of hospitals and health systems were in conformance with NIST CSF protocols. The report comes to this conclusion after an analysis of over 300 assessments from 2019.

The study detailed failings in four of the five core functions of NIST—identify, protect, respond and recover. Only detect remained flat.

What does this mean for healthcare cybersecurity? It illustrates a lag in establishing and executing comprehensive security measures. If healthcare organizations don’t improve, they put themselves at great risk, because hackers will continue to use more sophisticated practices to initiate breaches or plant malware.

New Threats Arise in the Pandemic

The impact of COVID-19 permeates healthcare in every imaginable way, including spurring an increase in cybersecurity threats. A report from INTERPOL highlights that COVID-19 related phishing attacks are creating concerns. Cybercriminals are also using ransomware and DDoS (distributed denial of service) to impact healthcare infrastructure.

The uptick in ransomware may directly correlate to healthcare entities having to deploy remote systems quickly and an increase in telehealth services. These technology platforms are essential to keep the healthcare ecosystem working and ensure patient care; however, they are also new endpoints for access from cybercriminals.

What’s on the Horizon: New Concerns for Healthcare Cybersecurity

In the August 2020 Healthcare Data Breach Report, the number of breaches in August was less than the peak in June with 37 reported cases. However, August does represent the highest number of compromised records, with 2,167,179. The most prevalent cause was hacking, with the network server being the top location.

These data points seem to align with the shortcomings of healthcare on the NIST CSF. Beyond just the constant rise of breaches and the need for healthcare organizations to bolster their strategies, there are more trends every stakeholder in the sector should have on their radar.

Connected medical devices

These IoT (Internet of Things) devices are becoming extremely critical for managing chronic diseases and providing innovative new ways for care, but they also represent a risk.

Vulnerabilities exist, and not just as a means for someone to infiltrate a network. An intruder could also change the device itself, which is a patient safety issue. Healthcare systems need to work in concert with the manufacturers of products to ensure they remain secure.

The resurgence of ransomware

Ransomware is becoming the single biggest threat to healthcare cybersecurity. A recent attack left a large healthcare system’s network shut down, impacting 250 hospitals.

In response, the HHS (Health and Human Services) Cybersecurity Program issued an update relating to the Ryuk ransomware. HHS provides a history of Ryuk and how to mitigate it, including cybersecurity awareness training for employees around phishing, implementation of Intrusion Detection Systems (IDS), blocking suspicious IP addresses, and other best practices.

Patient access portals

With the new interoperability rule finalized in March, patient access is a key provision. Payers and providers will have to provide patients a portal to access their medical records. While HHS has deferred the enforcement of these rules due to COVID-19, it’s still something that healthcare entities must be planning for, and that should include security protocols.

Interoperability has long been the Achilles heel in the digitization and standardization of healthcare; thus, security weaknesses will still be prevalent.

Mergers, acquisitions, and closures

In the past two years, the number of mergers, acquisitions, and closures of hospitals has risen. Bankruptcy is a leading cause of closure or acquisition. With uncertainty during a public health crisis, many organizations are vulnerable.

If hospitals close or are acquired, patient data must be exchanged, converted or shared. These represent opportunities for hackers and should be top of mind for those impacted.

Telehealth expansion

Telehealth has finally become mainstream. It’s been a lifeline for patients and providers during the pandemic, with Medicare even allowing for greater coverage. While it’s enabling continuity of care, it does pose new cybersecurity challenges.

Healthcare organizations need to be vigilant about the platforms they choose, how they are used, and the networks where they sit. Organizations might consider practices like penetration testing to check the stability of the system.

Preparing Your Organization to Overcome Cybersecurity Hurdles

Healthcare cybersecurity is complicated and involves lots of people, processes and technology. Working to align with NIST CSF is certainly a great direction. Additionally, you should be monitoring trends and developing new, proactive ways to keep data safe.

In healthcare, protecting key data leads to more time spent ensuring positive outcomes, dollars saved that can be used elsewhere, confidence in the healthcare industry and in specific hospitals and systems, and more.

Telehealth, interoperability and other leading-edge solutions and best practices have the potential to revolutionize healthcare, and securing those capabilities will allow the industry to forge the best path forward.

One of the best ways to protect data is using an EHR that has a security certification from the Office of the National Coordinator for Health Information Technology (ONC). ChartLogic is proud to hold this certification, demonstrating the company’s commitment to security and compliance.
