On June 15, 2023, the residents of Spring Valley, IL woke up to the sobering news that St. Margareth’s Health hospital, one of only a few hospitals in the region, would be closing. The cause of the closure? A devastating cyber attack.
After falling prey to cybercriminals, the hospital’s personnel were unable to submit claims to insurers, Medicare or Medicaid for months, which ultimately spelled its financial doom.
The St. Margareth’s incident is not an outlier. In fact, ransomware attacks cost an average of $1.8 million when the victim is an organization in the healthcare industry.
Ransomware Attacks on Healthcare Facilities Have More Than Doubled in Five Years
The ongoing rise of cyber threats has caused sleepless nights for CISOs and IT professionals at organizations of all sizes and in every industry, but given the critical nature of healthcare infrastructure, the threat to hospitals is even larger.
Hospitals and healthcare facilities have become prime targets for cybercriminals for several reasons.
- First, hospitals hold a treasure trove of sensitive patient data, making them lucrative targets for cyberextortion. Recent examples, such as the attacks on the aforementioned St. Margareth’s Health hospital in Illinois, highlight the severity of these incidents.
- Moreover, the critical infrastructure within hospitals, including life-saving medical devices and systems, means they are more likely to pay a ransom to regain control quickly after an attack. The stakes are too high to gamble with patient lives.
- Lastly, healthcare facilities often suffer from a lack of robust cybersecurity measures as well as unprotected, understaffed and overworked employees, making them easier targets for attackers.
Unfortunately, healthcare IT teams usually face an uphill battle as 9 in 10 healthcare organizations dedicate less than 20% of their IT budget to cybersecurity.
As a result, they are often left grappling with limited resources, understaffing and inadequate budgets. They tend to prioritize securing large enterprise deployments while overlooking the vulnerable access points created by a vast number of employees logging in and out of systems every day.
These oversights in access security create vulnerabilities that can be exploited by malicious actors seeking unauthorized access to sensitive data.
Passwords Are a Vector – So Are Privileged Users
The reality is that weak passwords and the reuse of credentials are common practices within healthcare facilities. Employees may resort to writing down passwords on sticky notes or using easily guessable combinations for the sake of convenience.
In an environment where legions of medical professionals, salespeople, contractors, patients and internal personnel come and go every day, a single incident is all it takes to create significant security risks within a healthcare facility. In some cases, entire departments might share the same credentials, further compromising security.
Privileged users pose a hidden risk as well.
While IT teams play a crucial role in maintaining the technical infrastructure of healthcare facilities, privileged users extend beyond this realm. Anyone who touches billing tools or has elevated access to critical systems becomes a privileged user, possessing the keys to a kingdom of patient data.
The inherent danger lies in the fact that these privileged users often operate without proper oversight or stringent access controls.
Legacy Privileged Access Management (PAM) tools are designed only for the most technically savvy IT administrators and lack the intuitive interfaces that would appeal to privileged users in non-IT roles.
These legacy solutions also take 6-12 months or more to be deployed. In environments with high staff turnover, such as healthcare organizations, long timelines are often extended even further.
Finally, legacy solutions are often prohibitively expensive and require large sums for training, installation and ongoing professional services. Roughly 50% of the total revenue for legacy PAM solutions comes from professional service packages that customers have no choice but to purchase alongside the core systems.
Enhancing Security Without Breaking the Bank
With a workforce that operates under tremendous pressure, finding time to train staff on new security tools is a luxury healthcare facilities often cannot afford.
To combat the pressing issue of weak passwords and insecure privileged user access, healthcare facilities must prioritize cost-effective solutions that fit their budget, simplify the end-user experience and are easy to deploy, so that security improves without hindering operations.
A next-gen PAM solution, such as Keeper Security, offers a scalable all-in-one platform that grants privileged users the necessary access without compromising security, and provides only the features needed by the organization without the superfluous and expensive additional features that go to waste.
These tools provide fine-grained control over user permissions, enabling healthcare facilities to limit access based on job roles and responsibilities.
With comprehensive monitoring and auditing capabilities, healthcare organizations can mitigate the risk posed by privileged users and swiftly detect any suspicious activities.
Additionally, Keeper Security’s efficient deployment ensures that healthcare facilities can bolster their security posture without lengthy implementation timelines.