In a season when we have so many in healthcare to be grateful for, it should give everyone pause that threats to hospitals are on the rise. These bastions of health and healing have become targets for bad actors looking to disrupt the American healthcare system, wreak havoc in a time of crisis, and generally cause chaos.
Hospitals are left to shore up their security with all manner of protocols, both physical and digital. So what are the concerns facing hospital safety?
In this guide, we’ll look at the 7 biggest threats to hospital security in 2023.
But First, What is Healthcare Security?
1. Data Breaches
It’s the words that send shivers down the spines of hospital administrators: data breach. Insight Dice magazine reported this year that ransomware is the biggest threat to cybersecurity. The story goes on to quote Joseph Carson, chief security scientist and advisory CISO at security firm Thycotic as saying “with organized cybercrime groups also stealing the data before they encrypt it, meaning that companies are not just worried about getting their data back but also who it gets shared with publicly.”
When it comes to ransomware, no business is safe, but hospitals in particular.
In fact, the Federal Bureau of Investigations this year warned that attacks on hospitals were expected to surge, according to CNET.com. To show just how serious the situation is, CNET reports that “when the city of Atlanta suffered a ransomware attack in 2018, it paid $2.6 million to recover from it, while the ransom itself was $52,000. In Germany, a patient died because a ransomware attack in September infected the nearest hospital when she needed urgent medical care.”
So what can hospitals do?
They need to take proactive measures regarding their cybersecurity, backup data regularly, and use the cloud to save data, TechRepublic suggests.
2. Insider Threats
We’ve all heard the horror movie saying “it came from inside the house.” Well, that’s more apropos these days for security threats that “came from inside the hospital.”
Health Informatics reports that “According to Becker’s Hospital Review, 15 percent of security breach incidents in the healthcare industry in 2013 were caused by insider misuse.” That means breaches by hospital staff themselves.
The crimes could be anything from stealing property to breaching private data. The goal? Often individuals steal the latter to commit tax fraud, Health Informatics says.
So what can hospitals do?
Regular audits of all devices — that includes employee work stations, personal computers, and even workplace cell phones. When patient data has been accessed, reviewing these devices may find reg flags of abuse.
3. Active Assailant Attacks
It’s horrific to even consider, but active assailant attacks on hospitals are a clear and present danger.
Nurse.com reports that hospital attacks increased from 9 per year from 2000 to 2005 to 17 per year from 2006 to 2011. This has led to healthcare systems designing new security protocols to ensure the welfare of both staffers and patients and a key part of this has been developing more robust identification tools.
No longer can a guest just amble onto a hospital campus to see a patient. Today, visitors must comply with sophisticated identification policies that often use Visitor Management Systems, like this one from Specialist ID. This software not only prints self-expiring badges for everyone who steps foot on a hospital site, but it also logs visitor data so clinics can keep tabs on who has come and gone.
With these powerful resources, healthcare centers can better protect those who need care the most from violent attacks.
If 2020 has taught us anything it's that with a global pandemic, the strain on our healthcare system has been immense. As ICUs hit capacity and doctors and nurses worked overtime to triage COVID-19 patients, burnout became a real concern.
American Academy of Family Physicians reported in September that of 5,000 physicians surveyed in a Medscape study, 64% said the pandemic had intensified their sense of burnout. This emotional toll was leading to weight gain, higher drinking levels, and the use of prescription stimulants.
How is this a security threat? If our overworked doctors and nurses aren’t fully aware due to stress and exhaustion, all kinds of security incidents can occur. Just choose from the list above.
If the healthcare system is going to be able to weather this world crisis, we’re going to have to give medical staffers time to regroup, rest, and recover. Something that’s difficult now given rising case numbers.
5. Fraud Schemes Tied to COVID-19
Opportunists will take advantage of any crisis and this one is no exception. This year the Department of Health and Human Services Office made it clear that hospitals would be especially vulnerable to these kinds of attacks.
At hospitals, email is of top concern. Health IT Security published a story this year that says the rollout of vaccines will make these kinds of phishing tactics even more acute. “These schemes include advertisements or offers for early access to vaccines upon a deposit or monetary fee, as well as requests asking users for out-of-pocket payment to obtain a vaccine or to put their name onto a waiting list to receive a COVID-19 vaccine,” the story says.
6. System Vulnerabilities
Hospitals are heavily reliant on their technology systems, including electronic health records (EHRs), laboratory and imaging systems, surgery equipment and more in order to provide effective care for their patients. It’s essential for hospitals to keep all of these systems up-to-date and patch any weaknesses as quickly as possible in order to protect against malicious attacks targeting specific hardware components or software vulnerabilities.
7. Physical Security Deficiencies
It's important for hospitals to ensure there are no physical security deficiencies within the institution itself by routinely assessing staff privileges so only those with necessary clearance enter sensitive areas like medical labs that house vital medications needed during emergency situations.. Additionally inadequate security personnel will leave open access points for undesired individuals to walk through freely without being questioned about why someone would need free entry during off hours when the facility should be closed.. It is vital hospitals take active steps by doing background checks on all new hires as well as frequent reviews of existing employee profiles within certain departments in order to not miss out on potential risk factors caused by insufficient tracking methods put into place before an incident occurs.