Page 200 - Cyber Defense eMagazine March 2024
P. 200

attacks can cause significant financial losses, data breaches, or damage to the reputation of healthcare
            organizations. In January 2020, a BEC attack on the Children's Hospital of Philadelphia resulted in a loss
            of $1.3 million, as the attackers posed as a construction company and requested payment for a project.



            Impact on Patient Care and Safety

            Cyberattacks on healthcare organizations can have severe and potentially life-threatening consequences
            for patient care and safety, as they can:

               •  Delay or disrupt the diagnosis, treatment, or monitoring of patients, especially those who require
                   urgent or critical care.
               •  Compromise  patient  records'  accuracy,  availability,  or  confidentiality,  which  can  lead  to
                   misdiagnosis, medication errors, or identity theft.
               •  Affect the functionality or performance of medical devices, such as pacemakers, insulin pumps,
                   or ventilators, which can endanger the lives of patients who depend on them.
               •  Cause physical or psychological harm to patients, staff, or visitors due to the stress, anxiety, or
                   fear caused by the cyberattacks or their aftermath.



            A study conducted by Vanderbilt University has revealed that hospitals that suffer a data breach tend to
            have a higher mortality rate among heart attack patients. Such hospitals also require more time to conduct
            an electrocardiogram and a more extended stay. The study estimated that every year in  the United
            States, around 2,100 additional deaths could be linked to data breaches in hospitals.



            Solutions and Best Practices

            To protect the healthcare industry from cyber threats and challenges and to ensure the safety and quality
            of patient care, there are some possible solutions and best practices that can be implemented, such as:


               •  Adopting a risk-based and proactive approach to cybersecurity that identifies and prioritizes the
                   most critical assets, systems, and processes and implements appropriate controls and measures
                   to protect them.
               •  Implementing a comprehensive and robust cybersecurity framework that covers cybersecurity's
                   technical, organizational, and human aspects and follows the standards and guidelines of relevant
                   authorities, such as the FDA, the HIPAA, or the NIST.
               •  Enhancing the awareness and training of healthcare staff, vendors, and partners on cyber threats
                   and challenges and the best practices and policies to prevent, detect, and respond to them.
               •  Investing in the latest and most secure technologies, tools, and solutions can improve the  IT
                   security  risk  management  and  resilience  of  healthcare  systems,  networks,  and  devices  and
                   enable the detection and mitigation of cyberattacks.








            Cyber Defense eMagazine – March 2024 Edition                                                                                                                                                                                                          200
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
   195   196   197   198   199   200   201   202   203   204   205