Recent world events, such as the rising international tensions with Iran, are focusing more attention on the threat of nation-state sponsored cyberattacks against the nation’s information infrastructure. While U.S. government cyber defenses are believed to be strong, there’s growing concern that the nation’s healthcare system and individual provider organizations could fall prey to concerted attacks, according to recently published guidance from the Association for Executives in Healthcare Information Security.
The publication, prepared by the AEHIS Incident Response Committee, notes that “even a nation without great military might can possess the potential to unleash havoc” on IT infrastructure. “Even if not explicitly targeted, hospitals need to consider that their systems could still be impacted as collateral damage in a cyberattack scenario.”
The risks are great, according to a separate assessment by Caleb Barlow, CEO of cybersecurity firm CynergisTek, who expects Iranian cyberactors will initiate destructive “wiper” attacks to erase and disable key systems and cripple organizations on the U.S. mainland. He predicts hospitals and healthcare organizations will be top-priority targets because of their relatively weak security and the opportunity they present to generate significant cost and impact on the public.
To be prepared, hospitals must implement controls and plans to deal with state-sponsored cyberattacks, the AEHIS guidance urges, offering these 17 steps as essential in protecting healthcare organizations’ data assets.