It is anticipated that the devastating global malware attacks of WannaCry are only just beginning, with more severe assaults on the horizon. As the technology and social engineering landscape continues to develop, layered and comprehensive security approaches must be created to protect confidential information. It’s not a matter of if, but simply a matter of when, and next time healthcare organizations may not be so lucky in thwarting the attacks and securing confidential data.
Since the major incident of May 12th, it has been revealed that roughly a million more systems have been infected than originally estimated. Moreover, while the siege began in May, the bulk of the attacks took place in June. This was due to the fact that most of the health systems were unaware of the breach. The method of attack is efficient: once the system has been tapped into, the virus can operate independently from the hacker. This means confidential information can be exploited at alarming rates right under the nose of the victim without their awareness of the issue.
The initial attack was directed at the UK’s National Health Service, but it has since spread to more than 150 countries with tens of thousands of infections to follow. These types of malicious attacks can put lives in danger, yet many healthcare organizations are unprepared for these security breaches. These statistics may be overwhelming, but they point out that serious action must be taken to ensure the safety and privacy of millions of people. Confidential information must be considered at risk at all times, and only shared through secure networks.
With hackers getting more sophisticated, many authorities in the industry believe the rigor and number of attacks will increase, and therefore so will the cost to recover data that is being held hostage. Many facilities are even paying ransoms to keep news of the breaches private so as not to lose credibility with their customers, patients, or the public. Not to mention, with healthcare reform constantly changing, facilities are finding it difficult to keep up with compliance requirements. Organizations must be able to restore data after an attack as well as conduct an annual disaster recovery test.
Healthcare organizations need to keep cybersecurity a priority. A 2016 report from the Ponemon Institute states that 79 percent of healthcare organizations say they were hit with two or more data breaches in the past two years. As the likelihood of falling victim to these threats grows, organizations need to budget for threat prevention and recovery, as in any other risk management situation. Preventative security measures alone are not enough; a disaster recovery strategy must be established so that confidential information can be retrieved efficiently. Not only must this information be brought back into safe hands, but organizations should also be able to demonstrate that their system has fully recovered following an attack.