Data of patients and healthcare personnel increasingly at risk. And according to Mia-Care, for a hacker-proof patient data security, you need encryption, network segmentation, access control. According to the Check Point report in 2022 there were an average of 1463 cyberattacks per week in the healthcare sector, an average of 209 attempts per day. Numbers that make healthcare the prima industry for percentage growth year on year and the third for cyberattacks behind the “Academic-Institutional” (2314) and “Government-Military” (1661) sectors.
In Italy attacks tripled
In terms of data breaches (actual violations and data recovery by hackers), the US Department of Health and Human Services shows that in 2022 there were 707 violations for a total of almost 52 million stolen data records. In Italy the only data available pertains to the Clusit report 2023. The report states that cyberattacks in the last four years are tripled going from 3 in 2018 to 9 in 2021 and 2022. With a severity that in the last year is critical in 78% of cases and high in the remaining 22%.
Exponentially growing costs
Furthermore, the costs involved in data breaches are alarming. IBM’s Cost of Data Breach Report 2022 highlights how for 12 consecutive years the healthcare sector has recorded the highest average cost for a breach. Arriving in 2022 at 10.10 million dollars. A figure up 42% and almost double the average cost of the financial sector, in second place in this ranking with 5.97 million dollars.
Hack-proof patient data security
Marzio Ghezzi, CEO of Mia-Care
Healthcare facilities short on cybersecurity resources, particularly vulnerable IT structures, lack of specific know-how to deal with increasingly sophisticated IT attacks. These are just some of the causes that explain these numbers. Thanks to the use of artificial intelligence technologies such as ChatGPT that can generate malicious codes and fake emails at an increasingly rapid and automated rate, we expect that cyberattacks on healthcare facilities will continue to grow and become more sophisticated in the future.
New IT tools
The implementation of the technology in healthcare has created a much larger and more extensive attack surface for bad actors. Basic medical studies are connected to the National Health Service, pharmacies and hospitals. The increasingly frequent use of apps and electronic tools to provide personalized health care and telemedicine leads us to rely on developers and programmers. Professionals who must be able to guarantee that these new IT tools are safe as well as performing in medical terms.
Data for sale on the dark web
Another point in favor of hackers concerns dedicated investments in cybersecurity. According to Statista, only 6% of healthcare facilities dedicate an IT budget greater than 10% of resources compared to 40% who dedicate only up to 6% of the budget. 18% cannot answer this question. Eventually the hackers who manage to gain access to the information put it up for sale on the dark web. The document “Threat Landscape Report Italy” by the US SOCRadar shows how on 15 July 2022 a database of Italian doctors and patients was put up for sale.
The role of metadata
Marzio Ghezzi
For cybercriminals, health data is worth more than financial data. In fact, within the medical records there is structured information that does not change over time, as could happen instead for bank data. They are an immense treasure as they contain metadata. Or that data transversal which have a different nature: from personal data to insurance data, up to family relationships. This is why it is essential to protect them in the best possible way by allowing adequate training of clinical staff on IT risks.
Tips for hacker-proof patient data security
These numbers are testament to the importance and criticality of healthcare patient data for cybercriminals. These aim to recover, in addition to general patient information, also health insurance, numbers and contents of medical records and social security numbers, with direct threats to patients. Remaining in this context, privacy and data security are top priorities for the sector. According to “Future Health Index 2022” 41% of Italian healthcare leaders put data security and privacy first as their top priority. A clearly higher figure than the global average (20%) and that of the other European countries (21%).
The human factor
Again according to the report created by IBM, the first cause of a data breach are errors in IT systems, caused by the interruption or malfunction of IT systems with 24%. These cases include errors in source codes or malfunctions of processes such as errors in automated communications. This is followed by human error (21%) unintentionally caused by negligence, supply chain attacks (19%), destructive attacks (17%), ransomware attacks (11%). The remaining 8% other types of malicious attacks.
How to reduce risk for hack-proof patient data security
So what are the steps to take to minimize the risk of a patient data security breach? These are Mia-Care’s tips for hacker-proof patient data security.
- End-to-end data encryption. Data must be encrypted at rest (including network and cloud back-up) and in transit, with decryption tools stored on a device or in a separate location.
- Access control. Only people who need to know certain information can have access to it. And even then, they should only have access to the specific subset of information they need. You should rely on two or more factor authentication (2FA/MFA), ideally using a physical device with a security key.
- Risk analysis. Performing a periodic analysis of information risks favors the good health of the IT infrastructure and the data system. Based on the result, the system can be strengthened where it is assumed that gaps may arise in the future. In addition, new areas can be identified where a data defense action plan should be created. It is essential to always activate encrypted backup procedures and risk mitigation.
Tips for hacker-proof patient data security
- Network segmentation. It is essential to keep critical patient monitoring and diagnostic devices in a separate part of the IT system using network virtualization. Monitors capture patient health diagnostics in real time. So if hackers break into the main computer network, they shouldn’t have the ability to move around the facility and access patient records or medical devices.
- Staff training. As highlighted, 21% of data breaches are caused by human errors. Patient data security depends on staff practices and training on this issue needs to be done at all levels. This is to make sure employees understand their contribution to keeping data secure and systems free from unwanted interference.