1. Cybercriminals continue to take the path of least resistance
While attackers will continue to employ more sophisticated means to hack into healthcare systems, the dictum still applies that they will take the path of least resistance. “Just like us, cybercriminals try to be efficient,” says Jason Riddle. “If they find an easier way to get into our systems, they’ll take it.”
Verizon has indicated that cloud hacking will be one of the new key ways that cyber criminals enter our systems—stealing credentials and hacking into cloud-based email servers.
2. Mobile as a vector for cybercrime
Verizon also notes that mobile users will be the doorway to social engineering attacks. “Research shows mobile users are more susceptible to phishing, probably because of their user interfaces and other factors. This is also the case for email-based spear phishing and social media attacks.”
3. Healthcare cybercrimes as a public health risk
Due to the resultant impact on human lives after controls are put in place after an attack on a hospital network, cyberattacks should be treated as a threat to public health. Healthcare systems should continue to work together to diagnose issues and share best practices for protecting themselves from ransomware and data breaches.
4. Increased use of data analytics and machine learning
InfoSec will need data science and data analytics competencies to effectively detect and counteract advanced malware powered by AI/ML. Top cybercriminals keep pace as technology advances. To stay ahead, InfoSec will need to double down to keep companies safe by keeping security infrastructure accessible to healthcare institutions.
5. Convenience can’t come at the cost of security
Ultimately, supply and demand will define most structural healthcare changes in the next decade. Growing demands for more convenient, on-demand healthcare will be satisfied by healthcare institutions, at the risk of exposing even more doors to cybercriminals.
6. The rise of ransomware as a result of cyberattack insurance
Despite calls from the FBI and the cybersecurity community, cybercrime may only increase as ransomware attacks result in payment to cybercriminals. As cyberattacks become more and more disruptive, it is likely that more hospital systems will purchase more cyber insurance to protect against attacks. This seems to embolden cybercriminals to continue to use ransomware to demand payments from healthcare institutions that have the protection to pay larger and larger ransoms. Eventually, this cycle must stop.
7. Consumers will demand greater accountability
Data mismanagement increasingly leads to distrust from consumers. As more healthcare data breaches unfold, consumers will begin demanding higher levels of security regarding their personal information. Reputation will matter more and more.
“Informed consumers will demand increasing accountability, integrity, and transparency from their health systems,” writes Christine Walters of PwC.
8. Younger generations will be better equipped to avoid cyber risks
“My exposure to electronic records is very limited. Every year I learn more and get a little more comfortable with it. My daughter, who is in medical school right now, could probably do 10x more with it. With every new generation of doctors coming out of residency, the system is going to get much better,” says Dr. James Botsko, MD.
9. Electronic medical records advanced by 5G
5G technology could revolutionize hospital networks in major metro areas—MPLS or WANS could be replaced with 5G broadband, directly connected to biomedical devices and systems containing PHI.
10. Consumers & industry advocates will demand government intervention to combat cybercriminals acting from safe havens (e.g. Russia, China, etc.)
A theme of modern cybercrime is that technology advances as quickly for malicious actors as for whitehat developers. The 2016 U.S. Presidential election brought attention to the possibility of foreign governments interfering in our business. The coming years will see continued demand for our government to intervene on behalf of businesses and individuals to prevent similar hacking from foreign governments on U.S. citizens and businesses.