In recent times we have seen numerous cyber attacks targeting healthcare firms. For example, the data breach at Oklahoma State University Center for Health Sciences (a healthcare provider) affected almost 279,865 individuals. Similarly, 17 other healthcare organizations became victims of cyber attacks in 2018.
In 2019 the picture was even more devastating: with only four months into the year, January alone accounted for 33 data breaches. Shockingly, the rehab clinic data breach exposed a 1.45 GB database that held 4.91 million records of 146,316 unique patients.
On average, 29 healthcare data breaches occur every month. Please take a look at this graph for an idea.
In this article, we will discuss five reasons why healthcare has become an attractive target for cybercriminals.
Availability of data
With the depth and volume of personal information available in the healthcare industry for every individual patient, no other industry is as attractive as healthcare. Not only data about current patients but also the history of past patients makes an attractive database for cybercriminals.
Medical fraud can take years to be identified. Cybercriminals can also blackmail patients even if the records are quite old, or they can sell the records on the black market, where this data can be 10 times more costly than stolen credit cards.
Below are the health records that have been exposed over a period of six months.
Outdated cybersecurity procedures
With healthcare keeping medical parameters as its priority, cybersecurity procedures are yet to be updated and sustained to defend against unforeseen cyberthreats.
Since the primary objective is different, the realization may come only after they experience a data breach. The healthcare sector may fail to keep its systems updated, leaving even the fairly old WannaCry able to take them out through the EternalBlue vulnerability.
Smaller healthcare organizations may not consider cybersecurity necessary because they deal with far less data than the big players in the market, but if they handle patient records electronically using EHRs, they need to understand that cyberattacks are inevitable.
Below are some loopholes through which healthcare data breaches are triggered.
Lack of Resources
The healthcare industry may lack the right talent to keep its data secured. With its prime focus on healthcare, medical equipment, treatment and patients, cybersecurity in healthcare becomes an attractive spot for attackers to launch a remote code execution or privilege escalation takedown without any security professional detecting it in time.
A lack of cybersecurity professionals taking care of healthcare cybersecurity can be a significant problem in recent times.
Lack of cybersecurity awareness
The healthcare industry is yet to understand cybersecurity best practices and keep its checklist up to date. After proper evaluation and research, a security professional can bring in essential cyber tools such as security information and event management (SIEM), automated patch management, intrusion prevention systems (IPS) and endpoint security management, not only to prevent cyber threats but also to react when they occur.
Interconnected nature of healthcare
Consider the case of the NHS, which experienced ransomware threats back in 2017: its data was encrypted because of its lack of cyber hygiene. The NHS has data that is interconnected with other branches of the same organization at different locations, which again makes it an attractive target for a takedown.
They are interconnected, and so is their PHI across locations. This interconnected PHI could satisfy hackers and is the main reason for them to target healthcare firms. Assuming that smaller organizations are not attractive targets may backfire on the organization for this reason.
Healthcare is a very crucial industry. Data being encrypted or stolen can leave doctors absolutely clueless about their patients, and the entire service can turn useless if the right cybersecurity practices are not in place. It's time for healthcare organizations to redefine their cybersecurity routines to stay secure against any unforeseen cyberattacks.