By Almog Apirion
The past few months have seen a near unprecedented uptick in cyber attacks on hospitals, clinics and healthcare providers.
Smaller facilities who often have fewer resources have been hit particularly hard by the rapidly evolving waves of cyber attacks. Healthcare providers are left wondering how they can migrate to new systems all the while ensuring there is no downtime or lag throughout the transition. But with patients' lives at risk, it is crucial that healthcare facilities take the necessary steps to implement next-generation, identity access based cybersecurity protocols. IT departments looking to upgrade their facilities systems should focus on three major areas: user permissions, third party access, and phishing schemes.
The reality of healthcare facilities and cyberthreats
From July 2021 to June 2022, more than 42 million patients
had their data exposed due to a cyber breach. The subsequent delay in testing caused by these breaches was reported
to result in poor patient outcomes and increased complications from medical procedures. More urgently, the same report found cyber attacks directly correlate with an increase in patient mortality rates.
But if cyber attacks are directly affecting patient outcomes, why are so many facilities slow to upgrade their cybersecurity systems? In short, the transition to new cybersecurity systems can be expensive and time consuming. Employees can struggle to learn new systems while maintaining productivity and added security layers have the potential to cause lags in critical networks.
In turn, healthcare facilities need to look for solutions that won’t affect day to day operations or cause users significant delays when interacting with the network.
Why healthcare facilities are particularly at risk
The sheer amount of users, applications and services in healthcare who need secure network access can pose problems for hospital cybersecurity teams. And that’s not even taking into account that doctors, nurses, care staff, office staff, leadership, and IT, among many other types of users, all likely require different permission levels to very different resources. Keeping track of all of these unique user types and permissions cannot only be logistically difficult, but also opens the door for many more users to accidentally compromise a system or introduce a bad actor to the network.