The numbers may be improving. That said, when compared to Fortune 1000 establishments, hospitals continue to rank below the curve in vulnerability to potentially serious cybersecurity issues, such as spam, malware, and botnets.
Findings published in an August 2021 edition of the Journal Of The American Medical Informatics Association disclosed that healthcare institutions holding low cybersecurity ratings were more vulnerable to data penetration and theft from cyber criminals.
This study, which additionally examined hospital cybersecurity rankings with those registered by Fortune 1000 companies, concluded that health-maintenance establishments lagged behind in their capacity to protect digital networks and accompanying components like medical transcription services, EHR transcription, and EHR security from various cyber threats.
Study authors Sung Choi, representing the University of Central Florida and Vanderbilt University’s M. Eric Johnson maintain that recent significant ransomware and hacking incidents render hospitals far more vulnerable to threats resulting in potentially serious consequences for both the institutions and the patients they serve.
The researchers continued that further risk assessment will be necessary to stay on par with these burgeoning threats. Moreover, said authors suggest that hospitals should be prepared to make additional and more aggressive investments in cybersecurity efforts.
The authors compared risk rankings of roughly 600 hospitals and 1,000 corporations over a five-year period. Findings showed that, during 2014-2016, healthcare establishments scored measurably lower security ratings. However, in the years that followed, the numbers tightened a bit. From 2017 until the 2019 study completion, statistical difference no longer existed.
The study’s organizers stated that the preceding statistics suggest that hospitals realize the threat is serious and are making discernible strides in implementing security safeguards already employed by corporate entities.
That said, researchers stress that these positive changes have not been healthcare industry-wide. Said professionals caution that medical institutions still struggle to make up ground when examining the untoward and possibly significant issues, such as malware and spam. Choi and Johnson also weighed the differences between hospitals that had experienced compromised security versus those that had not. It should come as no shock that institutions given low rankings stood at a more significant risk of future problems.
In recognition of these findings, Choi and Johnson say that hospital administrators may be able to prevent or reduce the chances for security breaches through efforts like updating digital networks and their security protocols and placing an emphasis on training staffers to guard against systemic vulnerabilities.
Hospitals are not the only major establishments targeted by cyber criminals. However, the recent cyber attacks on entities, such as government agencies, pipelines, and meat processing plants clearly demonstrates that cybersecurity could place patient privacy and financial well-being in serious jeopardy. Moreover, when hospitals experience major incidents, such events could weaken the public’s confidence in their ability to safeguard its personal data. Not too long ago, Scripps Healthcare underwent a shutdown lasting a full week due to a ransomware event. This occurrence was followed by a plethora of patient lawsuits.
Choi and Johnson maintain that policy makers should place a greater emphasis on improved cybersecurity in the healthcare realm. Moreover, said officials are encouraged to offer benefits for those medical establishments that make the proper investments.