A year after hackers unleashed the WannaCry and NotPetya ransomware, taking down healthcare organizations and other companies around the world, the healthcare industry still struggles to keep its systems secure.
A year after WannaCry, healthcare organizations face mounting cyberthreats
In the first six months of 2018, there were 154 breaches reported to the Office for Civil Rights, up 13% compared to the same period in 2017. There were 50 "hacking/IT" incidents specifically during that period in 2018, just two more than there were during the first six months of 2017.
"There's definitely more healthcare-related breaches," said Bob Olsen, Navigant's director of cybersecurity. "The challenge is there are new vulnerabilities being discovered every day. It's a bit of a moving target."
But there could be multiple factors behind those increases, cautioned John Riggi, senior adviser for cybersecurity and risk for the American Hospital Association and an FBI veteran. Organizations may simply be reporting breaches they wouldn't have reported in the past, or reporting breaches that happened years ago. That's what happened with LifeBridge Health, which in 2018 reported a breach of half a million patients that happened in 2016.
Nevertheless, healthcare organizations are engaged in a constant battle against cybercriminals, Riggi and others said.
The struggle peaked in May 2017, when hackers let loose the WannaCry ransomware, which encrypted data and demanded ransom in bitcoin in exchange for the decrypted files. The attack affected about 200,000 computers in 150 countries, including the UK, where the National Health Service's systems went down.
A little over a month later, hackers sent out another piece of ransomware, NotPetya, which took down Nuance and other companies. Nuance lost $92 million in revenue due to the attack.
Send us a letter
Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.