Page 200 - Cyber Defense eMagazine March 2024
attacks can cause significant financial losses, data breaches, or damage to the reputation of healthcare
organizations. In January 2020, a BEC attack on the Children's Hospital of Philadelphia resulted in a loss
of $1.3 million, as the attackers posed as a construction company and requested payment for a project.
Impact on Patient Care and Safety
Cyberattacks on healthcare organizations can have severe and potentially life-threatening consequences
for patient care and safety, as they can:
• Delay or disrupt the diagnosis, treatment, or monitoring of patients, especially those who require
urgent or critical care.
• Compromise the accuracy, availability, or confidentiality of patient records, which can lead to
misdiagnosis, medication errors, or identity theft.
• Affect the functionality or performance of medical devices, such as pacemakers, insulin pumps,
or ventilators, which can endanger the lives of patients who depend on them.
• Cause physical or psychological harm to patients, staff, or visitors due to the stress, anxiety, or
fear caused by the cyberattacks or their aftermath.
A study conducted by Vanderbilt University has revealed that hospitals that suffer a data breach tend to
have a higher mortality rate among heart attack patients. Such hospitals also take more time to conduct
an electrocardiogram and have longer patient stays. The study estimated that every year in the United
States, around 2,100 additional deaths could be linked to data breaches in hospitals.
Solutions and Best Practices
To protect the healthcare industry from cyber threats and challenges and to ensure the safety and quality
of patient care, organizations can implement solutions and best practices such as:
• Adopting a risk-based and proactive approach to cybersecurity that identifies and prioritizes the
most critical assets, systems, and processes and implements appropriate controls and measures
to protect them.
• Implementing a comprehensive and robust cybersecurity framework that covers the technical,
organizational, and human aspects of cybersecurity and follows the standards and guidelines of
relevant authorities, such as the FDA, HIPAA, or NIST.
• Enhancing the awareness and training of healthcare staff, vendors, and partners on cyber threats
and challenges and the best practices and policies to prevent, detect, and respond to them.
• Investing in the latest and most secure technologies, tools, and solutions that can improve the IT
security risk management and resilience of healthcare systems, networks, and devices and
enable the detection and mitigation of cyberattacks.
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.