By Ray Overby
Ransomware and cyberattacks in hospitals are on the rise in recent years, with more than 180 million patient records stolen since 2015, and more than 90 percent of healthcare organizations experiencing a data breach since 2016. Yet, hospital IT security budgets have largely remained static.
Are hospitals prepared to handle today’s security risks? A survey of nearly 2,500 healthcare security experts revealed that 96 percent think that bad actors are outpacing the defenses of their medical enterprises.
To add to the complexity, many of the largest hospital systems in the US run mainframes, but the security of these systems often isn’t up to par. While mainframes are arguably the most securable platform, they still have weaknesses, like code-based vulnerabilities, that if exploited could endanger the entire enterprise.
I wrote about this challenge in recent articles for Healthcare Business & Technology and Health Data Management. I’d encourage you to check out the full piece for more details about the various security risks in hospitals, as well as what we can do to mitigate those risks.
Hospitals need both the staff and the technology to ensure their mainframes are always up, running and protected. But, we know that hospital IT managers are overwhelmed. While these professionals may be technically astute, there simply are not enough of them to track some of the biggest risks to the mainframe today.
And that’s a risk for anyone who’ll ever set foot in a hospital: If a bad actor gains access to this environment, they’d have the potential to cripple the entire hospital, from posting orders to securing insurance coverage.
Here’s an example. Most medical devices today are peer-to-peer or wirelessly attached to the clinical information system. If a bad actor were to escalate their authority on a mainframe and change device authorities and passwords, those medical devices could no longer be accurately managed and administered.
This is a serious concern, especially in the face of mounting evidence that patients have already been harmed by compromised medical devices. A recent survey of healthcare delivery organizations and vendors found that up to 1,000 patients have been negatively affected by compromised healthcare infrastructure.
To close the security gap, we’re going to need hospitals to invest in the teams and technology solutions that will keep patients and patient data safe, starting with addressing the vulnerabilities that put them at risk.
Read my full piece, “Hospitals are vulnerable to security risks, putting patient data, care in danger” in Healthcare Business & Technology, or “Why mainframe security risks are largely unrecognized,” in Health Data Management, for more about the security risks in hospitals. You can also learn more about mainframe vulnerabilities and Key Resources, Inc. on our website.