US health care sector’s cybersecurity is paralyzed

The Healthcare Cybersecurity and Communications Integration Center (HCCIC) was created to analyze and share information relevant to cyber threats across the industry. Its success includes providing early warnings of the WannaCry ransomware attack, but the HCCIC was left paralyzed when its top two officials were removed for corruption.

Congressional leaders have noted that their stakeholders aren’t even sure if this body still exists, and if it does, who is running it or what its responsibilities are.

Healthcare industry cyberattacks increase

With the lack of national leadership on cybersecurity, the health care industry has seen an increase in cyber attacks. According to Rapid7 Research’s quarterly threat report in May, the health care industry was persistently troubled by a range of attacks during the first quarter of the year. As a result, many ranked it the top targeted industry, above previous leaders the finance, administrative, and professional services sectors. Pwnie Express’s survey corroborated Rapid7 Research’s report, concluding that the health care and public health sectors are ill-prepared for cyber attacks.

The industry’s wide array of insurance and billing data is a valuable commodity for criminal hackers, making health care a prime target. Additionally, hospitals use older computers and other equipment that are tougher to update as operating systems get more advanced. They also use medical equipment such as MRI systems and other devices that connect to the Internet, making them easy targets for criminal hackers.

Cybersecurity webinar

To help medical centers fully concentrate on patient care, IT Governance USA is offering its Conducting a cybersecurity risk assessment webinar for free. It covers:

• The five-step approach to conducting a risk assessment
• Information security versus cybersecurity
• Choosing appropriate risk treatment options
• Unpacking the key controls necessary for effective cybersecurity
• Reviewing, monitoring and reporting on the risk assessment
• ISO 27001 and effective information security risk management

We also offer a Combined Infrastructure and Web Application Penetration Test, which helps to identify potential vulnerabilities in your infrastructure, websites.

For more information and to discuss cybersecurity solutions visit our website or contact us to speak to one of our experts.