Cybercriminals are the worst. They worm their way through the code of your server and leech all the data they can, disrupting and in some cases destroying everything you’ve worked for. It’s bad enough that hackers attack your server and mine your data for banking information and other personal details to hold for ransom. But what’s worse still is that cybercriminals are targeting the healthcare industry and cherry picking their findings for the most nefarious of purposes.
Healthcare’s Cyber War
The healthcare industry is the number one industry hit by cyberattacks. In an interview with the Washington Post, senior security consultant Jay Radciffe of Rapid7 says that “part of the problem is that hospitals and doctors’ offices often have to oversee a mishmash of different types of equipment running different types of software—and they can’t always apply standard security practices, like regular updates, without risking instability because it might break the connections between systems.”
Due to healthcare professionals having to be selective about the updates they make, cybercriminals have an easier way to get into their systems because they have a longer amount of time to work out what the hospital or clinic’s vulnerabilities are. In 2014, the Federal Bureau of Investigation (FBI) warned healthcare providers that they are highly susceptible to digital incursion and needed to update their defenses accordingly. In a private notice sent to healthcare providers, the FBI stated that “the healthcare industry is not as resilient to cyber intrusions [as] compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.”
What is it that makes the healthcare industry so much more desirable to cybercriminals? Aside from the fact that the healthcare industry’s cyber defenses are easier to crack, the private data held by hospitals and clinics is significantly more advantageous to get ahold of than that gleaned from the retail and financial sectors. At most, hackers can only lift credit and banking information from the financial and retail industries. Banking information sold on the dark web is cheap, and because those affected usually cancel their credit and debit card accounts once suspicious activity is reported, the data is no longer viable.
It’s a different case with the data stored by healthcare providers. Healthcare professionals hold specific unchanging information about patients that make it easy to exploit said patients throughout their lifetimes. The data includes:
-Social Security Numbers
-Birthdates
-Health Insurance Account Numbers
-Medical Histories
This information can be used to steal identities, blackmail patients and commit health insurance fraud. Unlike bank account information that can be changed, people cannot change their birthdates or SSNs. This makes their information quite valuable on the dark web.
According to Rapid7’s vice president Lee Weiner, “What [cybersecurity professionals] have seen in the last few years is that [cyber] attackers have realized the economics of healthcare data are very, very attractive.” In a study conducted by Dell Secure Works in 2013, it was learned that health insurance credentials were being sold at 10 to 20 times the black market value of U.S. credit card numbers complete with security codes. If breaking into a healthcare providers network and stealing dozens of patients’ information garners that much of a monetary boost, why would hackers settle for making pennies on credit card numbers?
It’s for the reasons above that it’s necessary for healthcare providers to up the ante of their healthcare cybersecurity efforts. If it’s learned that your medical office was hacked and you had little to no cybersecurity measures in effect, you will be sued and put at a high-risk of losing your practice.
Protect your patients, protect your staff and protect yourself. Upgrade your healthcare cybersecurity.