Page 31 - Cyber Defense eMagazine March 2024

for Civil Rights. That figure is up more than 104% from 160 breaches as of mid-2022 and shows “no signs of abating,” according to a report from Fortified Health Security.

The breach of Fortra's GoAnywhere secure file transfer software in February 2023 was particularly severe, affecting over 5 million healthcare records. Additionally, healthcare business associates, who play a vital role in the healthcare ecosystem, have also become increasingly targeted, with reported breaches jumping from 22 to 82, a 273% increase compared to the previous year.




HIPAA and GDPR: A Shield Yet Insufficient

To counter these risks, the U.S. healthcare industry adheres to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which governs the security of electronic protected health information (ePHI). HIPAA's key components include the Security Rule, the Privacy Rule, and the Breach Notification Rule. The European healthcare industry is protected by GDPR, which provides safeguards for personal health data.

Despite these rigorous regulations, the healthcare sector has witnessed an increase in cyberattacks. The dependence on interconnected systems and IoT devices, alongside the critical nature of healthcare services, makes these institutions particularly vulnerable. The NIS2 Directive in Europe, which is set to take effect in October 2024, will mandate that healthcare organizations protect patient data from cyber threats to help address these issues. This includes implementing cyber risk management measures, establishing a clear incident-reporting process and securing patient data with proper storage and handling practices.

The Rising Menace of Ransomware Attacks

Ransomware attacks in particular, where cybercriminals encrypt critical data and systems, have become increasingly common and devastating in healthcare. In 2022, a survey by the Ponemon Institute revealed that 45% of healthcare IT professionals reported ransomware attacks impacting patient care. A striking example of the vulnerability of healthcare systems to cyber threats occurred in 2023, when Prospect Medical Holdings, a healthcare system operating 16 hospitals and over 165 clinics and outpatient centers across Connecticut, Pennsylvania, Rhode Island, and Southern California, fell victim to a ransomware attack. This cyberattack forced the closure of some facilities and left others relying on paper records, significantly disrupting healthcare services.


Proactive Measures for Enhanced Cybersecurity

Given these challenges, healthcare organizations need to take a proactive and comprehensive approach to cybersecurity. Despite huge advances in medical technology, limited budgets and a hesitancy to learn new systems mean that not every aspect of the healthcare industry has kept pace. It’s critical for hospitals using technologies whose vendors still release system updates to keep all software on the most recent version. This measure keeps systems reasonably secure, but eventually vendors will stop providing updates as the software moves into “end-of-life” status.






            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.