Why Healthcare Is Vulnerable to Ransomware

The healthcare industry has been under intense pressure for the past couple of years. This is due not only to the emergence and global spread of the coronavirus, but also to a surge in cybercrime that exploits the vulnerabilities of an already stressed healthcare system. In the past year alone, there has been a dramatic 123% increase in ransomware and a 25% jump in data breaches in healthcare organizations and healthcare-related fields. The numbers from the FBI’s 2021 Internet Crime Report were no more encouraging. The report states that “The healthcare sector fell victim to ransomware far more than any other critical infrastructure sector last year.” Let’s take a closer look at why the healthcare industry is being targeted and why, in many cases, it is vulnerable to attacks.

Plentiful Data

Healthcare organizations such as doctors’ offices, hospitals, and insurance companies have long been targets of hackers and cybercriminals. One of the main reasons is the large amount of valuable personal and financial data that they store and transmit on a daily basis. The sheer volume of healthcare data is a gold mine to cybercriminals looking to gain access to credit card information, personal data, and anything else that may be of use in the future. According to HIPAA Journal, “Between 2009 and 2021, 4,419 healthcare data breaches of 500 or more records have been reported to the HHS’ Office for Civil Rights. Those breaches have resulted in the loss, theft, exposure, or impermissible disclosure of 314,063,186 healthcare records.” That’s a huge amount of data that could be maliciously used now or in the future. This chart shows the steady increase in the number of records that have been breached and used over the last decade.

[Chart: healthcare breaches]

Expanded Attack Surface 

The adoption of electronic health records (EHRs) and wireless medical devices, together with the advent of telemedicine, has expanded the attack surface in healthcare considerably over the past two decades. New medical devices are a great advancement for sharing data and images with medical specialists, but they also mean that critical equipment is now more directly exposed to attackers. Over the course of the pandemic, telemedicine and EHRs have been used more than at any other time in history. This expanded usage creates more opportunities for vulnerabilities to open up and for records to be hacked.

Older Systems & Devices 

Equipment and medical devices in the healthcare field are often used well past their prime because of the cost of replacing them. Consequently, this medical hardware often relies on outdated and unsupported versions of Windows to manage systems like X-rays, MRIs, and CT scanners. The software for these pieces of equipment can also be a source of vulnerabilities. If security patches and updates are not installed regularly, these devices can become a risk both to compliance and to the level of security your patients and clients need and deserve.

Does your healthcare organization need a risk assessment or updating of software or hardware to lower your risk of ransomware or cyber crimes? Talk to our team about how we can help shore up your vulnerabilities and keep your data secure.