October is Cybersecurity Awareness Month, a time to focus on safeguarding digital infrastructure and protecting sensitive data. When it comes to the healthcare industry, that job comes with a unique set of challenges. Plus, amid growing labor shortages and patient privacy concerns, cybersecurity plays a crucial role in healthcare staffing and workforce management.
So, from the rise in cyberattacks to the impact of labor shortages, here are seven trends that leaders should consider when double-checking their plans for cybersecurity in healthcare this month.
Why Cybersecurity in Healthcare Matters
Cybersecurity in healthcare is consistently a top concern for leaders with good reason. Successful attacks often lead to disastrous results. In one recent example, an August 2023 “data security incident” affecting facilities in California, Connecticut, Pennsylvania and Texas caused the suspension of outpatient appointments, elective surgeries and other essential services.
“Beyond the obvious consequences of disruptions to diagnostic, testing and treatment equipment, even minor reductions in efficiency caused by cyber incidents compound to increase staff workload and degrade the system’s ability to provide medical care,” wrote the authors of a study on the impact of cyberattacks cited by NPR.
With attacks on healthcare providers surging in 2023, and with organizations of all sizes at risk, the topic demands attention. And with Cybersecurity Awareness Month upon us once more, the time is perfect to explore the biggest trends shaping not present but future strategies, too.
7 Trends Shaping the Future of Cybersecurity in Healthcare
Trend #1: Healthcare Remains a Top Target
“Cyberattacks on healthcare organizations worldwide are getting worse, and they’re not going away,” writes Lisa Phillips at Insider Intelligence. She also cites a 2022 report marking healthcare as the industry with the most data breaches for three straight years. Another report noted that U.S. healthcare organizations experienced an average of 1,410 cyberattacks every week in 2022 — a rate almost double that of 2021.
And 2023 shows even more evidence of this. Targeted by the FBI in recent months, the “Hive” ransomware gang specifically targeted hospitals. And in what CNN described as a “hacking spree” in the summer of 2023, Johns Hopkins University’s health system stated that “sensitive personal and financial information,” like “health billing records” may have been compromised.
This is, unfortunately, the new normal. Hackers target hospitals and healthcare facilities because of the valuable nature of patient data. From protected healthcare information (PHI) to data of an operational or competitive nature, it all offers unique value to hackers. For these reasons, experts expect attacks to continue to escalate — in number, size and scope.
Trend #2: Methods Continue to Evolve
As the number of attacks increases, so does the variety of methods used. Phillips defines the top two threats as phishing and ransomware attacks. And, while those may be long-standing tactics, they’re now being used in new ways — especially ransomware and malware. For instance, the recent “Hive gang” attacks used a new version of ransomware, as the American Hospital Association (AHA) points out.
In addition, a report from HIPAA Journal points to new types of ransomware as the most important among “notable changes in the threat landscape.” Attacks now come from smaller, less professional groups who have stolen and distributed the tools of more sophisticated hackers. As a result, they operate as “more agile cybercriminal groups that are better able to evade law enforcement.”
Trend #3: Targets Continue to Evolve
Hackers constantly seek new openings to exploit — and have been largely successful at finding them lately. Phillips lists third-party vendors, the cloud and the Internet of Things (IoT) as the three areas most at risk. She also cites a survey showing that 61% of leaders experienced an attack from the cloud in 2022.
In other words, a rising number of hacking attempts come indirectly, through a vendor or partner with different security measures in place. As important as they are, these relationships can often create openings for hackers to exploit.
Trend #4: New Technology Creates New Risk
Technology represents other challenges for cybersecurity in healthcare, as well. Writing for the Forbes Technology Council, security industry CEO Meredith Bell notes that many companies that underwent digital transformation during a certain period now operate with outdated equipment. Leaders should make a point of scanning these “legacy environments” for easy-to-exploit vulnerabilities, she advises.
The HIPAA Journal report also points to new technology like ChatGPT as offering new touchpoints for hackers to exploit. The greater use of remote and connected devices does the same. Phillips cites reports estimating that “53% of connected devices are at risk of a cybersecurity attack,” with IV pumps and VoIP systems the most at-risk entry points.
Trend #5: Staff Continues to Play a Key Role
Even the best plan for data security can fail if it isn’t implemented or maintained properly. Success requires full buy-in and participation from every team member at every level, especially since the devices they use, and passwords they choose, are often the easiest things for hackers to exploit.
“Team members need to be aware of what devices they’re using to access healthcare systems,” Bell writes. “Phishing tactics through spoofed emails are another common source of cyberattacks, which can be mitigated through vigilance and heightened awareness by team members.”
What does that mean on a practical level? Experts advise giving new team members should receive initial training on data security policy that’s engaging and robust. And staff should also have a seat at regular planning sessions and updates. Leaders can also expand their knowledge of their own organization’s vulnerabilities with regular communication with key staff members.
Trend #6: The Impact of Labor Shortages
As we’ve seen, success often depends on the workers who use the system. And that means the ongoing labor shortages are also affecting data security, as many organizations struggle to stay fully staffed.
As we’ve seen, understaffing can lead to more clinical errors and risks to patient safety. It can also drive burnout in overworked nurses and clinicians. Amid the urgent need to deliver clinical care, these workers may neglect data security best practices, or worse.
To help meet this challenge, experts like Bell predict the greater use of automation in the years ahead. With automation, leaders can streamline common tasks, helping reduce the potential for human error — a common entry point for cyberattack. Managers tasked with overseeing security can also use it enforce internal rules, discover potential errors, and providing support where needed.
Trend #7: The Narrative Is Changing
As the challenges associated with healthcare industry cybersecurity have grown, so too have opportunities for help in overcoming them. For instance, the AHA recently praised Congress for legislation supporting healthcare industry cyberattack victims who can prove HIPAA compliance.
In addition, the authors of the study cited by NPR believe attacks on hospitals “should be considered a regional disaster.” Arguing that cyberattacks cause “serious resource constraints” for hospitals that also affect time-sensitive care, the authors urge authorities and the public to boost the support they offer.
“We’re also pushing for a change in how victims of cybercrimes are viewed,” AHA President and CEO Rick Pollack explained in a statement from earlier in 2023. “Those targeted by cyberattacks should be supported, not assigned blame. It seems like a simple thing, but too often there is an unfortunate narrative in the public that targeted organizations were at fault or unprepared.”
Meet the Challenge of Cybersecurity in Healthcare with CareerStaff
Looking to get ahead of workforce management and cybersecurity? Our nationwide clinical staffing services can deliver the skilled workers you need to carry out your data security plans. And our healthcare VMS and MSP services can help bring your technology up to speed and introduce important improvements in automation and third-party vendor protections.
Moreover, we can help you work through key workforce issues like training, onboarding, and skill development. Our status as a Joint Commission-Certified provider of workforce solutions means always working to meet your best interests. Ready to learn more? Contact us today to connect with a CareerStaff expert!