Cyber security risks in the Healthcare Sector

What are the most common cyber security risks to your Healthcare business?

Businesses operating in the healthcare sector tend to hold a large volume of complex data, and this data is highly attractive to cyber criminals, increasing their cyber security risk exposure. In fact, according to Agari, a company dedicated to email security, 67% of healthcare businesses in the UK have experienced a cyber security incident within the past 12 months.

To help you mitigate the likelihood of an attack, you’ll find below some of the most common cyber security risks that occur in the healthcare sector, which could be a threat to your organisation.

The top five cyber security risks in the Healthcare Sector

1. Viruses introduced from third-party devices

Healthcare networks are often so large that it is sometimes difficult for IT security teams to keep track of all devices connected. Every device that is connected to the network, including things like USB sticks and mobile phones, creates another entry point for digital threats. If there is an open back door in the form of a third-party device, the entire network will remain at risk.

In Agari’s recent survey, 48% of all healthcare cyber incidents in the past 12 months have been the result of malware or viruses from third-party devices.

When USB flash drives/memory cards are openly shared, it becomes hard to track what they contain, where they’ve been, and who has used them. To reduce the likelihood of a cyber infection through third-party devices, the National Cyber Security Centre recommends that you:

  • Block access to physical ports for most users
  • Use antivirus software
  • Only allow approved drives and cards to be used within your organisation


2. Employees sharing information with unauthorised personnel

The research by Agari found that 39% of data breaches within healthcare occurred as a result of employees sharing sensitive data with unauthorised recipients. Incidents such as these are often solely down to human error rather than malicious intent, but this alarming statistic highlights how easily an organisation’s data can be put at risk.

To minimise the risk to your business, it is vital that your employees are at the core of your data protection strategy. They should be educated on the risks of data sharing and understand your cyber security policies, including what to do if an incident occurs.

3. Links in emails/social media posts

28% of those surveyed by Agari identified malicious content entering their organisation’s network through email or social media links as another key cyber security risk in the healthcare sector. In this scenario, cyber criminals target employees by sending them infected URLs in the hope that they will be clicked on. Once the URL is clicked, the network is compromised, and access can be gained to sensitive information or viruses released onto the network.

This is why it is extremely important that your staff are trained and can successfully identify a phishing email or suspect link on social media. For tips on how you can spot a phishing email, you can read our blog here.

4. Downloading files

A further 28% surveyed by Agari discovered that downloading files or images was a key cyber security risk in the healthcare sector. Just like infected links, files and images can also be infected and used to gain access to sensitive information present in the network.

Techniques can be deployed to combat this, such as software to detect harmful code embedded in documents and images, which can mitigate cyber security risks in the Healthcare sector.

5. Employees not following data protection policies

General policies such as GDPR, along with more industry-specific ones like the common law duty of confidentiality, exist to protect data in healthcare organisations. However, according to Agari’s survey, 37% of respondents identified employees not following these protocols as a key cyber security risk in the healthcare sector.

Again, this risk can be mitigated by improving employees’ understanding of data protection policies, and knowledge of how to respond when a policy is breached. This can be achieved through training; from initial employee induction to regular reminder sessions to keep the information front of mind.

We are here to help

Although measures can be put in place to lower the risk, methods to infiltrate networks are ever evolving. Creating a cyber response plan will be vital for your business and this should be supported with a comprehensive insurance solution. The operational, legal, and reputational impacts of an attack could be substantial, so it’s a good idea to partner with a broker that understands cyber threats and can arrange cyber liability insurance to support your overall strategy.

If you would like to learn more about how Cyber Liability Insurance can financially protect your business against an incident, please get in touch.

You can call us on 01480 272727 or email us at to start your cyber conversation today.


Authored by: George Wilkinson 

Business Development Executive

07th April 2023
