Should the Healthcare Industry Revisit its Cybersecurity Priority?

  • QUANTUM SECURITY BLOG

Healthcare organisations across the world remain one of the most lucrative targets for cyber attacks. According to research by Infosec Institute, the selling price of a Protected Health Information (PHI) record on the black market can be 300 times more expensive than that of a Personal Identifiable Information (PII) record, a category that includes individual credit card and social security details. This is because individual health records, such as ailments and surgeries, cannot be amended once revealed in a cyber attack, unlike credit card details, which can be reissued if a cyber attack targets them. Furthermore, perpetrators can use PHI to benefit from fraudulent insurance claims, obtain prescription medications, and purchase or resell medical equipment illegally.

Healthcare breaches around the world have mainly occurred due to the following factors: malware that is able to steal employee credentials and infiltrate internal networks, insider threats, supply chain compromise (e.g., a breach at a third party that stores patient records), inadequate patching procedures for software used by medical organisations, and human errors induced by improper staff training. All it takes is one vulnerable endpoint for the entire network to be infiltrated.

Despite healthcare organisations being the most lucrative targets for cyber attacks, research by Black Book Market Research revealed that in the United States, 96% of IT professionals believe that cyber attackers are outpacing medical cybersecurity capabilities. Only 21% of hospitals in the country employed a dedicated cybersecurity executive, with only 6% of them having hired a Chief Information Security Officer (CISO). This highlights where the healthcare industry places cybersecurity on its priority scale.

In the Asia Pacific, the healthcare industry woke up to one of the most severe incidents it has ever faced. In July 2018, approximately 1,500,000 healthcare records stored by Singapore’s Integrated Healthcare Information System (IHIS) were breached. The records accessed by the cyber attackers included those of senior government officials, including the nation’s incumbent and former Prime Ministers. The attack not only undermined the reputation of Singapore’s SGD 29 billion healthcare industry; it also posed a threat to national security. While the swift response ensured that no health records were altered or deleted, the attack on IHIS brought cybersecurity into the spotlight for healthcare industry players across the region.

Key healthcare industry players in the Asia Pacific region can do better in protecting sensitive healthcare information. A survey conducted by PwC in 2015 indicated that healthcare is not among the top spenders on cybersecurity in Singapore, lagging behind other vital industries such as transport and manufacturing. There is room for improvement, starting with increased investment in cybersecurity measures, upgrading training for employees in handling healthcare records, employing cybersecurity professionals within healthcare providers’ structures, or partnering with known experts in the cybersecurity industry.

Looking at the past decade’s trend, cyber attacks directed at healthcare will only continue to increase. If your organisation is looking to upgrade its cybersecurity measures, visit quantum.security to see how our capabilities can introduce real-time threat detection and monitoring across all security layers, with internationally recognised frameworks for unmatched value.