This article is sponsored by Cynerio.
Texas Targeted by Hackers
In recent years the health care industry has become the primary target for cybercriminals. Fueled by valuable patient data, lagging security practices and an increasing willingness to pay ransoms, attackers have found high value, low effort targets throughout the United States.
Unfortunately, Texas is not immune to the efforts of hackers. Since the beginning of 2020 there have been 128 reported hacking or IT incidents of leaked data impacting over 13 million patients. A simple google search reveals dozens of additional ransomware attacks which have impacted patient care and the finances of the facilities they rely on.
Simply put, cyberattacks on health care facilities are a global issue with local consequences.
The Escalating Trend: A Look at the Numbers
The surge of attacks on health care are growing far faster than many realize. According to the U.S. Department of Health and Human Services, Texas has seen a recent spike in data breaches resulting from Hacking or IT incidents. In 2015 Texas experienced five such incidents accounting for the exposure of 102,000 patient records. Seven years later these numbers have increased dramatically, with 44 such attacks exposing nearly 6 million patient records in 2022.
This spike is not an anomaly, but instead the result of focused efforts to target hospitals overwhelmed with the increased burdens that began in 2020. Unfortunately, this upward trend has continued to this day.
| Year | Incidents | Individuals Affected |
|---|---|---|
| 2022 | 44 | 5,968,627 |
| 2021 | 35 | 5,551,575 |
| 2020 | 28 | 1,013,068 |
| 2019 | 21 | 2,279,951 |
| 2018 | 15 | 178,828 |
| 2017 | 20 | 598,902 |
| 2016 | 6 | 165,312 |
| 2015 | 5 | 102,668 |
Rapid Technology Adoption, Lagging Security Protections
The cyber risks faced by modern health care environments boil down to two simple facts. First, hospitals rapidly adopt proven technologies that improve patient care. From remote radiologists to widespread onboarding of connected devices, the increasing ability to quickly and accurately share patient data has profoundly impacted the industry.
Second, these technologies frequently rely on security technologies and methods that are over a decade old. One must look no further than the proliferation of IoT devices in the average hospital to understand the challenge. From IV Pumps to security cameras, these devices typically can not have endpoint protections installed, openly communicate across “flat” networks, access large volumes of patient data, and are notorious for device level vulnerabilities.
The degree to which these devices are vulnerable is alarming. A recent FBI Private Industry Notification warns that 53% of connected medical devices and other Internet of Things (IoT) devices in hospitals had known critical vulnerabilities. With an average of 10-15 such devices per hospital bed, it’s not uncommon for thousands of insecure devices to populate a mid-sized facility, introducing thousands of risks and an environment seemingly designed for spreading malware, ransomware and related data breach attacks.
Addressing Attacks and Protecting Patients
As cyberattacks against health care began increasing in 2018, so did the investment in technologies that address the new wave of device-focused cybercriminals. With an initial focus on discovering devices, these technologies used the verbose nature of medical technologies to provide an automated inventory without impacting patient care.
Over time a focus on actionable security has forced the evolution of these products. Second generation IoT protections not only provide highly accurate device inventories, but also identify attacks missed by in-place systems, provide IT alerts with low false positive rates, inform patch procedures and recommend network level protections.
Among the leaders of second generation solutions is Cynerio whose combination of Attack Detection & Response (ADR) and Preventative Risk Management (PRM) products provide the reactive solutions needed by health care facilities on day one paired with long term recommendations that harden environments against constantly evolving attacks.
Get Started Today! Stop Cyber Attacks and Secure Connected Devices in Health Care with Cynerio
Every 7.1 minutes a cyberattack occurs in health care. Cynerio has one simple goal – to stop these attacks and secure every IoT, IoMT, OT and IT device in health care environments. With capabilities ranging from microsegmentation and improved device insight to identifying exposed ePHI and stopping ransomware, Cynerio provides the technology and expertise needed to protect hospitals and patients from cyberattacks.
Try Cynerio’s Health Care IoT Attack Detection Assessment (AAD) – no cost, no commitment!
Cynerio has one simple goal – to secure every IoT, IoMT, OT and IT device in health care environments. Learn more about Cynerio at cynerio.com or follow us on Twitter @cynerio and LinkedIn.
Related articles from The Scope
Best Practices: Hospital Cybersecurity Assessments
During a recent call with hospital executives, a CEO from a rural health care system shared his organization’s experience from a cybersecurity breach that occurred in 2020. The story was…
Introducing IVP: Integrated Viral Protection
The Texas Hospital Association’s Center for Technology Innovation (CTI) works on behalf of all Texas hospitals as a reliable, unbiased source for experts, information and solutions to serve hospital leaders…
Home Health Partnership Helps Hospital System Navigate COVID-19 Crisis
Despite facing major challenges, Texas hospitals have performed well under the stress of the COVID-19 pandemic. Now, with additional support and strategic partnerships, some hospitals have seized the opportunity to…
Best Practices: Outsourcing Hospital Food and Nutrition and Environmental Services in a Pandemic
Have you ever actually stopped to think what is the definition of care? Encyclopedia.com defines it best as “The provision of what is necessary for the health, welfare, maintenance and protection…