As 2024 looms ahead, cybersecurity experts examine current trends and how they may evolve and impact the healthcare industry over the coming year. Fierce Healthcare reports, “the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) had received 541 notices of data breaches affecting more than 500 individuals during 2023. Among these were incidents that compromised the information of millions, or even tens of millions, of individuals, as was the case with this summer’s high-profile breach at HCA Healthcare.”
Cyberattackers more often leverage software vulnerabilities as their point of entry, say multiple experts in the article. Our own Chief Strategy Officer, Sonu Shankar, says that basic hygiene, like routine password rotation, is a practice that needs to be incorporated by security teams in the industry.
Read the full article at Fierce Healthcare here.
“Fundamental security hygiene” with connected devices should be among the top cybersecurity focus areas for healthcare leadership teams, Sonu Shankar, chief strategy officer of extended internet-of-things security firm Phosphorus, told Fierce Healthcare. Because the legacy approach to cybersecurity prioritized monitoring and controlling network traffic, it’s now “very common” for in-use medical devices to still be running with their default passwords, he warned.
“There isn’t a lot of awareness around this being a problem,” Shankar said. “The first step here would be to get a real accurate inventory of every connected thing out there in a hospital environment, in a clinical environment, that could potentially be taken over for a variety of cybercriminal objectives.”
