Over the past year, healthcare company hacks have been on the rise. On a weekly basis, large companies, major hospitals, associated third party firms, and small practices alike have made headlines all over the country after being paralyzed by data breaches and scams.
As cybercrime becomes a more lucrative enterprise, the healthcare sector has become an irresistible target for hackers.
6 reasons why hackers target healthcare companies
1: Healthcare company hacks yield valuable data
Healthcare companies retain a large amount of personal data related to their patients. Social Security numbers, addresses, insurance information, and payment data are all common requirements for medical care. Offices keep this information to facilitate quick patient processing and make life easier for staff, other practices, and customers alike.
However, this trove of personal data is a beacon for hackers. The information available on healthcare company servers can be used to impersonate people for fraudulent insurance claims and credit card scams. Usually stolen in large quantities, the data can also be sold on the dark web to others who wish to commit fraud.
Successful healthcare company hacks provide criminals with a reliable source of condensed, high value data.
2: Healthcare companies are likely to pay a ransom
Healthcare company hacks that result in network shutdowns deprive people of medication, treatment, surgery, and more. Because these enterprises provide such critical services, they are inclined to quickly end a cyberattack that comes at the expense of their patients.
A company that provides cancer treatment, for example, is more likely to pay out a high ransom with little negotiation than one whose downtime is more of an inconvenience than a matter of life and death.
Healthcare companies are only as valuable as the services that they can effectively, reliably provide. A long term network takedown can have catastrophic effects on a hospital’s patients, their bottom line, and their reputation going forward.
3: Small healthcare providers can’t afford security
Large healthcare companies have the resources to allocate to cybersecurity awareness and protocols. Smaller practices, however, typically don’t operate on a budget that allows them to keep pace with security trends and best practices.
While a company’s size can have little to do with their ability to defend themselves for a hack, as the recent hack of Microsoft’s Exchange Server has demonstrated, smaller businesses are almost always easier targets.
Private practices retain the same kind of valuable information that large providers do, but on a potentially less secure network.
4: Healthcare companies are full of connected devices
In addition to servers loaded with patient data, healthcare providers are encountering an increasing number of connected devices. These machines may be used to perform tests and take measurements that are then fed directly into the hospital’s network. Some of these devices are used for life support and other important operations.
Applying cybersecurity protocols to an increasingly tangled web of critical, connected devices poses a growing challenge. These medical tools require updates and scheduled maintenance just as any other computer does to keep security as tight as possible.
Bad actors are acutely aware of the potential for vulnerabilities in these new devices. Some require a line of communication with their manufacturer to operate, making even an attack on the builders of these machines a potentially deadly event.
5: Healthcare companies often have poor cybersecurity awareness
Most hackers do not target specific institutions or individuals. Criminals often play the numbers game, shooting out massive blasts of phishing email attempts in the hope that someone will unknowingly open one and expose their workplace’s network.
Human error is a major contributor to the rise in cybercrime. With hospital staff already overworked, the importance of cybersecurity training may pale in comparison to other tasks to be done. However, patient health is at risk if proper security training is not administered.
With care so deeply tied to a hospital’s ability to access and secure their network, it is imperative that providers treat the strength of their security with the importance that they treat the health of the people in their care.
6: State-sponsored hackers look to steal data
The COVID-19 pandemic has had disastrous effects on cybersecurity infrastructure across all industries. However, it has also resulted in an increase in state-sponsored snooping into healthcare providers.
As countries continue to reel from the effects of the coronavirus, it has been reported that state actors have been at work attempting to pilfer proprietary information related to vaccinations as well as the personal data collected at vaccination sites across the country.
Foriegn affairs, brought to a boiling point by questions regarding coronavirus policies and strategies, have resulted in international tensions spilling into the healthcare sector.
Stay safe from hackers
Healthcare company hacks are just the tip of the iceberg with regard to the rise in cybercrime over the past year. Follow these basic practices to help keep your network safe:
- Be sure that your staff is well trained and kept up to date on the tactics used by cybercriminals.
- Use a firewall. Refurbished firewalls and switches are available from highly regarded online dealers so you can stay safe and save money.
- Using a virtual private network (VPN) can keep your internet usage under wraps.
- Clear your web browser cookies at least once a month.
- Use strong passwords and change them regularly.
Sources
Cybersecurity in the healthcare industry by Steven Bowcut, Cybersecurity Guide, Feb 19, 2021
The new wave of hacking attempts hitting hospitals: 6 things to know by Jackie Drees, Beckers Hospital Review, Feb 2, 2021
The Risk of Nation-State Hackers, Government-Controlled Health Data – HealthITSecurity.com by Jessica Davis, Health IT Security, Aug 4, 2020
Cyber attack disrupts cancer care by Ariel Hart, The Atlanta Journal-Constitution, April 27, 2021
Yale New Haven Health able to treat cancer patients again after nearly a week offline due to data breach by Sabina Kuriakose and Mackenzie Maynard, NEWS 8 WTNH, April 28, 2021
At Least 30,000 US Organizations Newly Hacked Via Holes in Microsoft’s Email Software – Krebs on Security by Brian Krebs, Krebs On Security, March 5, 2021
