Why Are Cyber Attacks on the Rise in the Healthcare Industry?
As if this past year has not been stressful enough for the healthcare industry with the onslaught of the coronavirus pandemic, it has another growing risk to worry about as well, cyber attacks. In an industry that is already under heavy strain from a global health crisis, hackers have been quick to target the healthcare industry and medical agencies in both the United States and Europe. Cyber attacks such as hackers, malware, ransomware, and DDoS attacks are increasing at an alarming rate. According to the March 2021 Protenus Report, “hacking incidents increased by 42 percent from 2019.” We can’t say we weren’t warned about this potential increase in cyber aggression toward the healthcare industry. In October 2019, the Cybersecurity and Infrastructure Security Agency, the FBI, and the U.S. Department of Health and Human Services (HHS) warned of, “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” Sadly, under-resourced and overrun hospitals continued to be a target for bad actors throughout 2020.
Examples of Recent Hacks
Some examples of what’s been happening in hospitals, insurance companies, and medical practices include ransomware attacks where patient data is held hostage until the practice pays a certain amount. Additionally, malware has been used to gain access to patient data. Hackers have hoped to gain access to both patient data and potentially cyber criminals are conducting cyber espionage to gather proprietary information regarding covid tests, vaccines, and cures. Specifically, the Universal Health Services Inc. was under a malware attack that cost the hospital chain approximately $67 million dollars. The World Health Organization and United States Department of Health and Human Services were also under attack.
Why the Healthcare Industry?
Some may wonder why, in the middle of a worldwide health crisis, would that industry be under constant attack by hackers. The HIPAA Journal online answered this question quite simply, “hackers took advantage of overrun hospitals.” While frontline workers were overwhelmed with patients and finding a cure for the deadly virus, hackers saw the vulnerability and seized upon it. Why else was the healthcare industry vulnerable to these types of attacks that continue to this day? Here are a few reasons.
Patient data is worth quite a bit of money. This could include sensitive data, financial data, and payment forms.
There are a vast number of medical devices (think insulin pumps, defibrillators, and heart monitors) that are easy entry points for hackers. Think about how many wireless devices are used at medical facilities and at homes.
Remote access creates more opportunities to attack. Check your remote policies to ensure they are using the strictest security protocols.
Healthcare workers know their areas of medical specialty and often have little time to worry about cyber crimes. (Rightfully so.)
Outdated technology makes for easier attacks.
The medical field must be able to share information (such as x-rays) with a primary care doctor. That shareability puts them at risk as well.
What Can Healthcare Facilities Do To Reduce Their Risk?
At Spectra Networks we work closely with our healthcare partners to ensure that they have the most up-to-date versions of software that allows for increased security to avoid these types of cyber attacks. We also help our clients maintain HIPAA compliance through physical and administrative safeguards. Here are a few other solutions healthcare providers can use to reduce their risks.
Use MFA - multi factor authentication to ensure that the person accessing the information has full permission.
Practice your response plans regularly so employees know what to do should a breach occur.
Restrict access to sensitive areas to ensure that as few people can gain entry to the information.
Encourage strong passwords and reporting of personal breaches that may put the workplace at risk as well.
Use encryption for your data that is at rest and intransit.