The field of cybersecurity has always been incredibly important to the world of information technology and has increasingly become critical as technology has advanced.
Specifically, the world of healthcare entails a unique array of cybersecurity concerns, given the nature of the industry and the incredible volume of data. Health records intrinsically deal with the most vulnerable details about people. There are no low yield vs. high yield breaches; rather, all breaches have the potential to be catastrophic with regards to patient privacy and identity.
Furthermore, healthcare is one of the fastest and highest producers of data, meaning that the volume of information that requires protection is unfathomably high. Some estimates indicate that hospitals produce nearly 50 petabytes of data on a daily basis, an incredibly large volume of information to process, let alone safeguard. Given how sensitive this data is, infrastructure is required to not only store it, but also defend it from vulnerabilities.
Earlier this year, the United States Department of Health and Human Services Cybersecurity Taskforce issued a circular to provide resources and training to help fight the rising tide of cyber-threats specific to healthcare. Deputy Secretary of HHS, Andrea Palm, explained: “Cyberattacks are one of the biggest threats facing our health care system today, and the best defense is prevention…These trainings will serve as an asset to any sized organization looking to train staff in basic cybersecurity awareness and are offered free of charge, ensuring that those hospitals and health care organizations most vulnerable to attack can take steps toward resilience. This is part of HHS’s continued commitment to working with hospitals, Congress, and industry leaders in protecting America’s patients.”
Just last week, HCA Healthcare, one of the nation’s largest healthcare organizations, reported a significant cybersecurity incident. Unfortunately, many of the most prominent hospital systems around the globe have experienced similar problems in recent years, frustrated by growing threats to their patients and communities. Policymakers, healthcare regulators, and organizational leaders are worried, and for good reason.
In a December 2022 study published in JAMA, researchers found that from 2016 to 2021 alone, the annual number of ransomware attacks on healthcare organizations doubled, potentially exposing the personal health information of nearly 42 million patients. It was also noted that almost half of these attacks disrupted the delivery of timely care, creating a significant problem for the healthcare organizations and affected communities.
A key issue with cyber-threats in the health industry is that data is not the only vulnerability. Rather, with the increased use of “smart hardware” and “connected devices” for medical purposes, unique vulnerabilities have emerged— many of which may result in life vs. death scenarios. One of the most famous examples of this was demonstrated when security experts found a way to hack and breach into a pacemaker, exposing a significant vulnerability that allowed them to remotely control the electric charges delivered to the patient by the device.
This incident shifted the paradigm of how healthcare cybersecurity was viewed thereafter: suddenly, the concern was no longer solely about data or privacy, but about how a hacker or perpetrator may be able to remotely control a life-saving device such as a pacemaker or insulin pump— devices which millions of people around the world rely on daily.
For these reasons, the U.S. Food and Drug Administration has recommended an incredibly cautious approach with regards to medical devices and their security. However, the reality is that with advancements in technology, new problems will undoubtedly emerge.
This is why cybersecurity, especially within the realm of healthcare, will likely become one of the most important job functions in the coming years. The Bureau of Labor Statistics indicates that “Information Security Analyst” is among the fastest growing occupations in the country, expected to grow nearly 35% by 2031. The White House has also made this a priority and even convened a National Cyber Workforce and Education Summit last year: “With approximately 700,000 cybersecurity positions open, America faces a national security challenge that must be tackled aggressively. [This Summit] will also serve as a call to action – to ensure that all Americans can capitalize on the benefits of the digital domain and to ensure that our Nation carries through on the positive opportunities ahead of us.”
Indeed, training the next generation of technologists in the art and science of cybersecurity will be of utmost importance to support the backbone of healthcare and the rapidly growing digital economy in the coming years. Therefore, regulators, policymakers and innovators must do everything within their power to invest in this arena and prepare for a better future ahead.