The U.S. Department of Health and Human Services Office of Civil Rights’ Breach Portal paints a bleak picture.
The portal, which shows active investigations regarding data breaches in healthcare, states that there are currently 834 open investigations since August 2019, impacting about 55,950,159 individuals across the United States.
Looking into these breaches further, approximately 77% of these nationwide attacks occurred through email – via phishing, or malicious documents – or by gaining access to the network server itself. This not only speaks to volume and the sophisticated nature of these attacks, but it also tells us how successful cybercriminals have been at targeting two primary entry points.
What is startling, however, is that 73% of these data breaches were as a result of hacking, as opposed to unauthorized access or theft. In Maryland alone, there were 23 breaches with nearly 87% being as a result of hacking. For comparison, our neighbors to the south in Virginia experienced only 14 data breaches in this same timeframe.
Needless to say, Maryland remains on the front lines of cyberattacks and we all could do better to care for critical healthcare providers. While cybersecurity is a major concern for critical infrastructure control systems and has rightfully been the focus of attention by the Biden administration, we cannot forget about the importance of healthcare data and infrastructure.
At a time when health systems are still reeling from the ongoing COVID-19 pandemic, we cannot afford a significant breach. The Greater Baltimore Medical Center, which sees over 52,000 emergency department visits a year, was a ransomware victim in December. That attack took several systems, including phone lines and online patient-facing portals, offline for nearly a month. While GBMC was able to provide care during this time, it demonstrates our reliance on IT services and systems as critical infrastructure.
Outside of Maryland, Memorial Health System became the latest ransomware victim in August. The fallout from this attack disrupted care and caused the Ohio and Virginia-based health system to refer patients outside of the organization to receive treatment.
As attacks get more sophisticated and more prevalent, we must ensure these vital health systems remain online and able to provide care to patients. And to do so, we must identify security solutions that empower organizations while also examining ways to plug holes in our critical healthcare infrastructure.
We have some great resources in our own backyard. Many of Maryland’s technology companies have roots in the intelligence space. They took their insights and started companies with the goal of bringing more powerful, agile, technology to market. Today, these companies benefit from the relative ease of doing business in the state as well as the proximity to big hubs, like New York City and Washington D.C. as well as the talent coming out of the National Security Agency as well as Maryland’s Colleges and Universities.
There is a strong, sustained desire to ensure Maryland remains on the cybersecurity map. Security technology companies like Ellicott City-based managed detection and response company Blackpoint, Hanover-based industrial cybersecurity company Dragos, Columbia-based data security company Enveil, Baltimore-based cyber workforce company Point 3, Baltimore-based healthcare compliance analytics firm Protenus, Fulton-based security storage company RackTop, Columbia-based cyber exposure company Tenable and Baltimore-based social media and digital risk protection company ZeroFox, have developed cutting-edge solutions that sit on the front lines of protecting our healthcare institutions. Organizations like bwtech@UMBC, DataTribe, Emerging Technology Centers, Gula Tech Adventures, MasterPeace LaunchPad and TEDCO, foster new company growth by providing office space, financial resources, guidance, and education to early-stage founders who have a dream.
Integrators like CTI build total security solutions for healthcare institutions and, in response to increasing cyberattacks stemming from the COVID-19 pandemic, the Cybersecurity Association of Maryland launched a Cyber SWAT Team Hotline to provide coordinated breach responses to cyberattacks.
Maryland and the DMV remain incredibly fertile ground to grow the cybersecurity expertise, skills and knowhow to protect our critical healthcare infrastructure from cybercriminals and other threat actors.
As we have seen, ransomware and other malicious cyberattacks are unfortunately here to stay. I believe that while we need to work with the international community to negate these attacks, the resources to help protect healthcare systems and other critical cyber infrastructure can be in our own backyard.-30-