Cyberattacks in 2022 and what hospitals, health systems can learn going into 2023

The number of patient records compromised in 2021 more than 50.4 million will likely be matched or exceeded in the healthcare industry. The HHS Office for Civil Rights recorded 594 data breaches between January 1 and October 31, 2022, with an average of 60 breaches being reported monthly. The majority of these significant breaches were related to outside vendors. For instance, Advocate Aurora Health, which has offices in Downers Grove, Illinois, and Milwaukee, has experienced this year's biggest healthcare data breach. The health provider disclosed that 3 million patient records were compromised as a result of installing the third-party tracking programme Meta Pixel on its website and patient portal. 

There are several steps that hospitals and other healthcare organizations can take to prevent cyber attacks:

• Implement strong passwords and use two-factor authentication: Use strong, unique passwords for all accounts and devices, and enable two-factor authentication whenever possible. This can help prevent unauthorized access to systems and data.
• Keep software and security systems up to date: Ensure that all software and security systems, including antivirus and firewall programs, are kept up to date with the latest patches and updates.
• Use secure networks and devices: Use secure, encrypted networks for all electronic communications, and ensure that all devices used to access sensitive data are secure and up to date with the latest security patches.
• Train employees in cybersecurity best practices: Educate employees on the importance of cybersecurity and how to identify and prevent potential attacks. This can include training on topics such as phishing scams, secure password management, and the importance of keeping systems and devices up to date.
• Conduct regular security audits and assessments: Regularly assess the organization's cybersecurity posture and identify any vulnerabilities that need to be addressed.
• Implement a incident response plan: Develop a plan to quickly respond to and mitigate the effects of a cyber attack if one does occur. This should include procedures for identifying the attack, mitigating its effects, and restoring affected systems and data.

By implementing these measures, hospitals and other healthcare organizations can significantly reduce the risk of cyber attacks and protect sensitive patient data.