Could 2021 be the year that healthcare finally gets smart about cybersecurity? Many in the industry say real change needs to happen as the situation has become a matter of life and death.
Hospitals are facing a new wave of ransomware attacks even as they also struggle to confront a nationwide surge in COVID-19 cases. There was also a recent report out of Germany of the first patient death directly tied to a ransomware attack.
Research suggests that healthcare organizations lack the necessary money, tools, and talent to address the biggest cybersecurity threats. In the face of rising threats, the next year could see healthcare organizations getting serious about security by putting in real investment and commitment from the top-down, experts say.
“With hackers setting their sights on healthcare, the gravity of recent attacks has finally woken up the healthcare community as the impact of inadequate security is causing downtimes in hospitals where elective procedures are put on hold and patients are diverted to other facilities,” said Caleb Barlow, CEO and president of cybersecurity firm CynergisTek.
Here are six trends and threats healthcare can expect to see in 2021, according to security leaders:
1. Cyber attackers will target the vaccine rollout: This year, hackers leveraged the COVID-19 pandemic to distribute a series of phishing scams to unsuspecting victims. The number of legitimate emails sent on the topic allowed phishing emails to hide in plain sight, according to LogRhythm’s chief security officer James Carder.
“As the race to secure and distribute a vaccine continues, the public will once again seek information on new developments. Attackers will purchase domains and craft emails with this in mind. The amount of content, combined with the thirst for knowledge, will set the stage for a further increase in phishing attacks,” he said.
Contact tracing apps also have created a fresh surface to exploit and could be a target, according to Experian’s data breach industry forecast for 2021. Many government organizations may not employ sufficient security protection, making these new tools a boon for hackers looking to steal personal data in 2021, the company said.
2. M&A healthcare deals may be thwarted by security concerns: 2020 highlighted how security issues crippled hospitals globally and any disruption in operations caused by hackers can steeply impact the bottom line and potentially undermine deals, Barlow said.
“As the C-suite increasingly recognizes how security is a business problem in healthcare, expect to see executives taking a closer look under the hood and assessing security vulnerabilities on potential acquisition targets,” he said.
3. Hospitals will focus on shoring up supply chains: Healthcare chief information security officers need to know the level of risk in their supply chain but, today, most CISOs have little insight into their systems.
If ignored, hackers will continue to exploit these weaknesses and disrupt operations, according to Barlow.
“Leaders must take time to understand where the system’s weaknesses lie and ensure vendors also prioritize security and data privacy—because in today’s hyper-connected world, we’re only as good as our weakest link,” he said.
4. CIOs will have to cope with reduced budgets: After years of acceleration, IT spending decreased nearly 10% in 2020. This trend is expected to continue in 2021, as Forrester predicts that U.S. tech investments will fall 1.5%, a $135 billion drop from 2019’s peak.
“Despite budget-related adversity, CIOs must still close the digital transformation gap within their organizations. As such, convergence and simplicity will be key,” said Anurag Kahol, chief technology officer and co-founder of Bitglass.
CIOs will turn to technologies that integrate multiple services into one platform to recognize larger cost savings. For example, secure access service edge (SASE) platforms will have a major impact in 2021 as they will replace a number of disjointed point products and extend consistent protections to all enterprise IT resources through a single control point, he said.
5. Weaponized AI will emerge: Threat actors will leverage machine learning (ML) to accelerate attacks on networks and systems, according to security firm BeyondTrust.
ML engines will be trained with data from successful attacks. This will allow the ML to identify patterns in the defenses to quickly pinpoint vulnerabilities that have been found in similar systems and environments.
“This approach will allow attackers to zero in on entry points in environments far more quickly and stealthily as they will be targeting fewer vulnerabilities with each attack, evading tools that need a volume of activity to identify wrongdoing,” BeyondTrust reported.
6. Virtual care and 5G networks pose new security risks: The rush to develop and implement telehealth technology and a host of other digital health services during the COVID-19 pandemic could make it even easier for cybercriminals looking to gain access to private medical records in the coming year, according to Experian.
“Small and underfunded clinics have traditionally been targets for breaches. These providers are particularly at risk as they navigate the world of telehealth, falling even further behind their peers as they hurry to adopt a system in 2021,” the company said.
As healthcare organizations implement 5G technology, it could present an opportunity for cybercriminals. What makes 5G unique is its speed. What makes it concerning is the billions of new endpoints susceptible to attack, according to Experian.
In healthcare, 5G is expected to revolutionize telehealth with its quick speeds and ability to transport data. But the connection to an always-on network leaves devices open to cybercrimes and security threats, whether it’s a cell phone, car or online healthcare portal, Experian said.