Healthcare Carries a Large Target for Ransomware
Donald Lodge, Elissa McKinley
With all the focus on the confidentiality of protected health information (PHI) in healthcare, it’s easy to forget about the looming threat of ransomware. CISA identifies healthcare as a critical infrastructure and it’s easy to see why; this sector cares for people through crisis and joy, and needs to operate 24/7 to care for everyone. A malicious actor can target this sector to achieve financial or political goals. In the future, these attacks could lead to patient harm, injury or even death as the sector continues to rely and expand its footprint in technology to support patient care operations.
In most healthcare organizations there are a multitude of threat vectors that can be exploited, it’s just a matter of finding the weakest link. Often the weakest link is people, and most healthcare systems have lots of employees. An organization can have state of the art security technologies but can still fall victim to a ransomware attack. It may only take one person to click on something to set off a chain of catastrophic events. Training staff is therefore vital to prevent these attacks from being successful. But even training is no guarantee that a healthcare system will not grind to a halt because of a ransomware attack.
As the world pivoted to...