In Focus Resource Center > Insights

Cybersecurity and the Healthcare Industry - Part 2: Prognosis

One characteristic that cybersecurity threats share with real-life viruses is the terrifying ability to swiftly morph into more dangerous threats, rendering today’s effective treatments ineffectual without warning. These changes continuously keep IT departments and cyber professionals off balance, forcing them to rapidly devise new remedies that can defeat the next iteration of insidious security threats. In addition to this, since healthcare organizations are only growing more dependent upon technology, there is no cure to cybersecurity threats in sight.

While today’s existing cybersecurity threats such as ransomware will continue to plague healthcare organizations for the foreseeable future, there are two challenges that threaten to wreak new types of havoc: the vulnerability of medical devices to cyberattacks and the introduction of stricter security and privacy regulations.

  • The Internet of Medical Things (IoMT) is the term for the Internet-connected network of healthcare devices, the underlying infrastructure, and the applications that are used to connect medical information technology. This area continues to experience meteoric market growth in the face of rising telehealth and growing medical needs. From 2019 to projected 2026, the market size is expected to explode from $55 billion to over a quarter of a trillion dollars. With this massive influx of devices comes the inevitable risk of poor security protocols, leaving the products susceptible to cyberattacks. As a result, there are a multitude of case studies regarding security flaws being found in medical devices, including infusion pumps, pacemakers, and x-ray machines. Since the growth of these devices is all but assured, it is critically important that healthcare facilities work closely with the vendors to evaluate new medical devices. This evaluation process should ensure that vulnerabilities are being addressed and that upgrades and patches are being applied in a timely manner.
  • When the Health Information Portability and Accountability Act was passed more than a quarter century ago, few of its authors could envision the rapid and near-complete transformation of medical information from physical to digital mediums. One dramatic example of this shift occurred during the pandemic as in-person doctor visits were replaced with telehealth consultations. Cybercriminals have taken notice of this digitization and continue to formulate sophisticated new schemes and tactics to steal this protected health information (PHI). PHI is one of the most valuable commodities found on Dark Web information marketplaces and can result in a lucrative payout for savvy hackers. Due to this, there has been a growing desire for more modern regulations to be enacted to ensure healthcare organizations are implementing better protections. One example of new regulatory measures was unveiled in March 2022, when two senators proposed the Health Data Use and Privacy Commission Act. This legislation is meant to modernize HIPAA by developing solutions to safeguard patient privacy without impeding healthcare providers. Another piece of legislation that was unveiled in March is the Healthcare Cybersecurity Act, which aims to strengthen healthcare cybersecurity by partnering the Cybersecurity and Infrastructure Security Agency (CISA) with HHS. These proposed regulations to enhance patient health information protection will not be the last, so it is imperative that healthcare organizations enlist a data security and privacy resource who is well-informed on the changing regulatory landscape and its attendant obligations. This resource, whether it consists of a single onsite expert or a team of outsourced specialists, needs to be capable of maintaining security defenses, controls, policies, and procedures that are nimble enough to be modified without causing excessive burden on the medical staff.

To help your cybersecurity defenses receive a clean bill of health, consider setting up a meeting to discuss how Citrin Cooperman can help protect your business. To get started, please contact Kevin Ricci at kricci@citrincooperman.com or Michael Camacho at mcamacho@citrincooperman.com.

Read Part 1: Diagnosis here >>

Read Part 3: Treatment here >>

Our specialists are here to help.

Get in touch with a specialist in your industry today.