As our medical devices evolve to be more connected with each other in the digital age, healthcare providers continue to be the most susceptible to cyber-attacks. Given the massive amount of private patient data housed in vulnerable digital systems, it’s no wonder hackers have the industry in their crosshairs. In 2016, the healthcare industry fell victim to 88% of all ransomware attacks in the U.S. Fast forward nearly three years and the industry is still under attack.
Unlike in other industries, stolen healthcare information opens the door to identity theft in which medical procedures can be performed and medications prescribed under someone else’s name and personal information, making patient data a gold mine for hackers.
In 2018, Med Associates, a billing claims vendor that provides claims services for over 70 healthcare providers, suffered a massive data breach of over 270,000 patient records after a hacker accessed an employee’s workstation. Just one of the many breaches that took place last year, it reinforced the reality that the industry is still not prepared for the cybersecurity war ahead of it.
With the number of cyber-attacks rising each year, it’s important to look at what factors can make companies vulnerable to a data breach:
Most of us should know by now that a strong password, composed of a series of letters, numbers and special characters, is the way to go when it comes to a secure login. But with passwords such as “12345” and “password” claiming the top spots as the most used passwords of 2018, hackers can easily guess their way into an account.
Excessive User Permissions
Users on any system should only have access to the tools required to do their job. With excessive user permissions, users are able to access more data than they really need. One survey highlighted that 44% of employees have access rights that are not necessary to their current role, giving hackers easy access to the secure data they are looking for without having to breach multiple employee accounts.
With breaches costing approximately $408 per record, hackers know that healthcare companies are willing to pay when their private information is stolen, making it a lucrative business for those on the dark web. In fact, an IBM survey found that in 2016, 70% of businesses that had experienced ransomware attacks in their workplace paid to have stolen data returned.
Why This Matters
Healthcare companies should have one priority when it comes to cybersecurity – to protect the personal data and safety of their patients. Even though a vast amount of information exists in support of stronger cybersecurity programs, healthcare companies tend to lack the proper staffing to keep up with cyber threats.
“Despite the growing importance of security programs, budgets remain relatively flat. So, healthcare needs to figure out how they can do more with less,” stated Susan Bindle, Senior Director of Marketing for Fortinet.
The good news is, government agencies are picking up the slack and working to provide effective solutions.
The U.S. Department of Health and Human Services (HHS) has opened a new cybersecurity unit aimed at helping the healthcare industry fight back against hackers. The unit’s coordination center will “coordinate the activities across the sector and report to DHS threats, profiles and preventative strategies.”
HHS has also recently released a 36-page cybersecurity best practices guide to provide further information to healthcare companies on the importance of cybersecurity programs.
In a world where medical devices are connected, hackers are waging an ongoing battle with the healthcare industry. It is imperative that companies find cost-effective cybersecurity solutions to protect their patient data.