The healthcare industry is a top target for cyberattacks in general — and ransomware in particular. That’s because patient data is more valuable than basic identity information. To give an example of its worth, medical histories can be sold and the data used for alternative, unethical purposes. But most cybercriminals use ransomware to disrupt operations — and patient care — in order to coerce healthcare providers to pay a ransom to regain access to files.
Shore Up Your Cybersecurity
Healthcare Providers are a Prime Target for Hackers
BD: In February, there were almost as many reported cybersecurity breaches in healthcare as there were days. Providers, health plans and their associates reported 26 breaches affecting more than 1.5 million patients to the federal government, according to data reported by the Health and Human Services department’s Office for Civil Rights. The largest single breach in 2019 exposed 11.5 million patients’ data.
Across all industries, system glitches and human error account for 25 percent and 24 percent of breaches, respectively, but the majority—51 percent—are caused by malicious software attacks (malware), according to the IBM-sponsored 2019 Cost of Data Breach Report. A recent Verizon report found that ransomware accounts for more than 70 percent of malware targeting the healthcare sector.
BD: Healthcare providers are susceptible to cyberattacks because many continue to use outdated and unsupported software and operating systems. The scope of the problem expanded in January, when manufacturer support for Windows 7 ceased unless users paid for extended security updates. Using operating systems and software that are unsupported and, therefore not being patched, is not only a HIPAA violation; it also makes healthcare providers a relatively easy cyberattack target as well as a profitable one.
Medical records are valuable to steal or ransom. Compared to financial breaches, which are detected fairly quickly, fraudulent use of patient data can go on for longer periods. That’s one reason why medical information is generally worth more on the dark web than credit card numbers. However, selling patient data isn’t always the intent of cybercriminals.
Ransomware is malware that locks computers or encrypts electronic files. Because disruption to patient care can potentially cost lives, the perception is that healthcare providers will be more likely to pay a ransom to unencrypt their files.
BD: Healthcare organizations should stop thinking about cybersecurity as an IT issue. Instead, treat it as a matter of organizational risk, with patient safety and care quality at stake. In the aftermath of an attack, electronic health records and internet-connected medical devices can go down. According to the IBM-sponsored study conducted by the Ponemon Institute, it takes an average of 279 days, across all industries, to contain a cyberattack.
Take precautions and be prepared for a breach — be it accidental or the work of hackers. Educate employees, executives, and the board of directors about secure computing and how to avoid being tricked by a hacker. Make sure your organization has offline backups, and patch systems regularly. Segment sensitive information, such as patient data storage, from the broader network to limit malware’s ability to spread.
Detect breaches through vigilance. Leverage tools like Security Incident Event Monitoring (SIEM) to detect network intrusions. Conduct regular vulnerability scans and penetration tests. Don’t be overly reliant on technology to handle this. Monitor reports from the security team for odd or suspicious activity.
BD: Make sure you have an incident response team, an emergency response plan and a communication plan in place. It’s also important to have a printed contact list of go-to partners that can assist with containment and remediation. In the event of an attack, disconnect network and subnet internet circuits. Power down servers and any machines suspected of infection.
Move to disaster or downtime procedures and determine if external reporting is required. Learn from the event. After a security breach, conduct a root cause analysis and evaluate what worked and what needs to be corrected or updated. Be transparent with the internal team and discuss findings with the board. Update employee education based on what you learn.
To learn more, please visit www.communityhospitalcorp.com.