Top healthcare cybersecurity predictions for next year

Over the course of the next year, healthcare organizations will likely continue to grapple with ransomware attacks, a cybersecurity workforce shortage, and challenges surrounding healthcare cybersecurity program implementation.

The healthcare industry has seen a boom in digitization in recent years. Cybersecurity is one of the most critical aspects of the healthcare sector as it protects valuable insights, healthcare information, and patients’ personal information.

2022 healthcare cybersecurity predictions look a lot like 2021, but with more risk on all fronts. More attacks, more vulnerabilities and more need to prepare.

Essential healthcare cybersecurity strategies for 2022
No business or practice is immune to cyberattacks, even smaller ones. In fact, small and midsize businesses represent 60 percent of attacks! That’s why it is important to have and implement an all-inclusive cybersecurity strategy. The three steps below work together to help keep data safe – and all are essential.

Well trained. The best cybersecurity healthcare strategy is likely to fail without a well-informed and well-trained team. Most breaches start when an employee clicks on a link in an email or provides information over the phone to a hacker. Given the sophistication of cyber criminals, it’s easy to see how an employee can be misled. The only solution, as one organization that was hacked said, is to have every employee be paranoid about security. This means organizations need staff (or consultants on retainer) with cybersecurity expertise to develop a comprehensive employee training program and who are readily available to answer questions or address concerns. Be sure to appoint one senior person to oversee these efforts. What’s more, these programs must be updated on a regular basis because cybersecurity is forever evolving. Cybercriminals are constantly inventing new ways to access valuable data. There is a high price to pay if you fail to keep your employees aware of the current cybersecurity healthcare environment. The average cost of a data breach has been reported as almost four million dollars!

Think hard about software. All healthcare organizations use and rely on technology. But when it comes to cybersecurity, having the most current and sophisticated software is crucial to protecting your organization. Check with your software provider to secure the latest software updates and to find out other ways to keep data safe, including upgrading to newer computers. Antivirus software is essential to protect all devices from viruses, malware, ransomware, spyware and phishing scams. It is also important to implement strong password requirements and have experts available who can spot phishing and email scams. Although the learning curve can be steep – if the right software is not already in place – there is simply no other option if one wants to minimize cyber risks.

Vet vendors. When it comes to third-party vendors, it is difficult to control precisely who has access to the shared data. That is why it is crucial to make sure the vendors you choose take HIPAA security compliance seriously and – best case scenario – are SOC2 and/or HITRUST certified. Among other requirements, these certifications indicate that a vendor has been fully educated in techniques to avoid data breaches. Without this type of assurance, you risk creating a weak link in your cybersecurity. While it is necessary to interact with third-party vendors, it’s also essential to do your homework and choose only reputable partners.

2022 healthcare cybersecurity predictions
As in 2021, but to an even greater extent, all practices and departments are vulnerable to cyber-attacks, data breaches, ransomware and more. Most attacks and breaches won’t make the news. But that does not reduce their impact. Firms that are not prepared will incur substantial costs and potential public embarrassment or worse. Firms that are well prepared are less likely to be attacked and, even if they are, will suffer much less damage.

Some of the 2022 predictions for payers in the healthcare industry include:
Cyber risk and regulatory challenges fuel security investments. Leading payers in search of more secure, resilient operating platforms are accelerating their movement to the cloud. Healthcare has found itself in the crosshairs of global ransomware gangs. The high value of healthcare data, coupled with limited investments in security, has led to a situation where frequent, institution-wide attacks are regular features in the news. Sophisticated payers are beginning to evaluate high-security cloud platforms as an alternative to large on-premises deployments. Working with cloud partners allows significant improvements in security, while reducing total liability to the healthcare payer. Advanced end-point security is also a growing investment priority, and investigations and forensic analysis technology will become necessary as the complexity and severity of attacks increase.

Hospital boards will demand security. With the record number of attacks over the past two years still trending up, hospital boards will push CEOs, CIOs, and CISOs to reduce risk. Boards will focus on closing the largest and most likely threat vectors to reduce the likelihood of successful attacks, but will also demand new protocols be put in place to cut recovery times from weeks and months down to days or even hours to limit the losses from network and device downtime.

Patching challenges will prompt actions. For years, hospitals have given low priority to patching or upgrading the software on their medical devices. However, as the rising number of known vulnerabilities continues to serve as one of the largest threat vectors, patching and updating software will go from an afterthought to one of the main strategies to defend against attacks.

Expect hackers to explore new vectors. The average number of healthcare security incidents rose from 3.3 per week in 2020 to 4.4 in 2021. Expect the trend to continue to rise as medical devices and other critical unmanaged IoT devices become more attractive targets for ransomware attacks, as well as easy entry and persistence points for attacks on clinical information systems.

Supply chains will demand priority attention. Supply chains will dominate the news in 2022 – but not just because of pandemic-related supply issues. As suppliers and customers attempt to get control of supply chain issues, it is expected that there will be ripple effects across healthcare providers' suppliers. These will range from suppliers becoming cyber threat entry points, to extending or spreading known vulnerabilities, to causing bottlenecks in supplies when they are shut down by ransomware attacks. More attention will surface from regulators as well.

Cyber insurance requirements will alter cybersecurity strategies. Pressure will rise as cyber insurance availability and safeguards continue to shrink while insurance costs escalate. To help qualify for and maintain cyber insurance, more and more hospitals will adopt micro-segmentation as part of their Zero Trust strategy.

Expect more governance and compliance. As clinical networks become more and more complex and heterogeneous, spreading from campus and branches up to the cloud, governance, risk, and compliance (GRC) teams will require greater assurances. Security teams will need to respond with technologies that automate security governance and compliance, based on common security frameworks and on an end-to-end visibility basis.

2022 looks like another year of technology-driven transformation in health, with the services members seek requiring significant investments in security, experience, engagement and automation. The payers that can quickly bring these capabilities to market will have clear advantages in the years to come.

Copyright © 2024 Medical Buyer