The health care industry faces two major cybersecurity threats. First, the transition from paper record-keeping to electronic health records has exposed sensitive personal data previously locked away in cabinets to malicious cyber actors. The industry-wide push to expand the interoperability of these health records has exacerbated the situation by boosting the number of internet access points IT professionals must defend. Because so many health care entities exchange data, it is very difficult for a single company to control and secure customer information. Those in the health care industry who manage technology systems may hold mistaken beliefs about the security of encrypted data.
Another arguably more urgent concern is the vulnerability of hospital equipment and Internet of Things medical devices. Critical lifesaving services may rely on outdated operating systems, outdated hardware and unmonitored connections to vulnerable networks. Adding to those concerns, the rise in telemedicine and mobile application development has led to a growing number of physicians and hospital employees using insecure mobile devices to conduct medical business. However, legacy devices cannot always be updated to fix existing vulnerabilities, while newer equipment may not employ the best security measures. Medical personnel who do not consider cybersecurity on a daily basis may misuse technology, compromising otherwise secure devices. Though IT professionals might recognize the threat and propose solutions, they might lack the necessary support and resources. The industry faces an acute cyber workforce shortage, and existing leadership may not prioritize cybersecurity.