According to the 2017 Threat Report of Cylance, cyberattacks that occurred in 2017 “proved more numerous, sophisticated, and ruthless than in years past.”
Developers offering Ransom-as-a-Service (RaaS), had more business opportunities during the past year, as well. In fact, the report states that ransomware attacks grew threefold in 2017, affecting all verticals, but having the most impact on the healthcare industry.
In 2016, health records of 16.6 million Americans were exposed according to the U.S. Department of Health and Human Services primarily due to hacking and unauthorized disclosures. That year, healthcare was the fifth most targeted sector when it comes to cybercrime.
Cybercriminals have been targeting the healthcare industry for quite some time and attacks have increased since at least 2015.
Why has healthcare become a desirable target for cybercrime?
1. Most healthcare service providers have a huge database of information
According to Christopher Budd, former Global Threat Communications Manager of Trend Micro, “Healthcare data represents the ‘holy grail’ in terms of data theft.” He pointed out that when criminals steal credit card data, they can only use that until the cards are cancelled. But when it comes to one’s social security number which is typically found in all healthcare database, no one can cancel his/her social security number.
Data stolen from the healthcare industry can easily be used for identity theft. Criminals can use them for opening accounts or even blackmail.
According to the US Department of Health and Human Services, the data of 120 million customers have been compromised from more than 1,100 different breaches on healthcare organizations since 2009.
2. The healthcare industry relies heavily on technology
A study explains how health care has become increasingly dependent on technology to automate almost all aspects of patient care, as evidenced by different types of systems ranging from billing and accounts management to computerized provider order entry (CPOE) to sophisticated image-guided surgery systems and even non-medical systems such as security monitors.
In addition to hospital equipment, more devices are being attached to and/or embedded into the human body such as digital pacemakers or fitness monitors. The spread of IoT, in particular has also made it easier for cybercriminals to hack into the healthcare sector. The increasing number of these devices connecting to the internet has also increased the number of potential access points for cyberattacks. Thus, if there will be any interference with the signals of a robotic surgical tool, for example, the effects could be catastrophic.
3. Healthcare is classed as national critical infrastructure
The healthcare sector is classed as national critical infrastructure alongside electricity, water, and transport networks. This, alone, makes it a desirable target for hackers who want to cause chaos, especially those criminals who come from a hostile foreign country. Furthermore, if a cybercriminal attacks a healthcare organization that is part of a wider network of infrastructure, this could provide hackers a way into other critical facilities.
How can healthcare be protected from cyberattacks?
1. Educate all employees on cybersecurity
Do not leave cybersecurity in the hands of the IT department. All employees should at least be trained on the basics of cybersecurity. According to a report, “90% of all cyber claims stemmed from some type of human error or behavior.” Employers need to invest in the training of their workers. The cost of doing this is significantly lower compared to tens of thousands or hundreds of thousands, maybe even millions of dollars that the organization will spend if attacked by cybercriminals.
2. Make sure that the organization’s systems are regularly backed up
A company is hit with ransomware every 40 seconds and the average ransom demand in 2017 was $1,077 compared to only $294 in 2016. With the rapid increase of ransomware cases, organizations should always have a backup to pull from so as to minimize service disruption as well as to avoid having to pay hackers.
3. Organizations need to take time to perform an audit of their cybersecurity strategy
Organizations need to identify potential problem areas in their cybersecurity strategy. This should include the evaluation of their emergency response plan or developing a new one. Management should have at least one dedicated cybersecurity expert for their organization. Due to healthcare’s dependence on technology, it is of utmost importance that cybersecurity is always a priority in the healthcare sector.
4. Partner with third-parties that will help develop the best cybersecurity strategy for the company
There are cases where organizations may have strong security measures but their vendors have less stringent security measures and this may lead to a security gap. With so much vital information contained in the healthcare sector’s database, it is best to make sure, therefore, that you get the best cybersecurity strategy for your health organization.
Netswitch offers a variety of managed security services that fit the needs of every type of organization.
Our cybersecurity experts are always on hand to answer your queries or to assist you with your cybersecurity needs.
Contact Netswitch today.