In an article written by John P. Melli, Jr, Ransomware cybersecurity attacks on healthcare organisations are predicted to quadruple by 2020. Over the past few years, healthcare organization are moving towards full digitization and leveraging technology to improve the efficiency and quality of healthcare services. Doctors can now view their patient’s medical test results directly from their mobile devices and receive their patient’s parameters, like heart rate and blood pressure in real time. However, that also means irreplaceable medical data are exposed to the Internet, which draws the attention to the cybercriminals.
In 2017, healthcare organisations are becoming an increasingly favoured target for hackers, majorly affecting cybersecurity. Just a few weeks ago, a cyberattack, WannaCry ransomware attack, has infected more than 200,000 systems in 150 countries, according to BBC. This massive ransomware attack freezes systems and blocks access to any files on a system until a ransom is paid. It has caused major disruptions to several organisations, including hospitals. At least 16 hospitals in the United Kingdom are being affected by the WannaCry ransomware cybersecurity attack. Hospitals are forced to cancel non-emergency cases as they are unable to access patient’s medical information. It remains unclear exactly how this ransomware spread so rapidly and widely, but there are indications that this ransomware may be spreading to vulnerable systems through a security hole in Windows that was recently patched by Microsoft. Experts have yet to find ways to decode the ransomware strain without paying the ransom. Victims, who do not have backups of their files, are required to pay $300 to $600 in Bitcoin per computer to recover their files. More recently in 2019, hackers targeted and retrieved personal information of 1.5 million SingHealth patients, including that of the Prime Minister in Singapore’s worse cyberattack.
Today, ignorance on cybersecurity is no longer an option, it has become a critical strategic asset that every organization, especially in the healthcare industry, must address seriously. Over the past decade, healthcare organisations have implemented a health information technology infrastructure to access, send and receive healthcare data. However, many healthcare organisations have not invested sufficiently in creating a robust IT security strategy that can protect the health data in electronic health records (EHR) system.
Given that EHR contains a wealth of information that can be used to file fraudulent insurance claims, obtain prescription medication, and advance identity theft, personal health information is more valuable on the black market compared to other industries in which only a credit card number can be compromised. Indeed, according to FBI, cybercriminals are selling EHR on the black market for $50, compared to $1 for a stolen social security number or credit card number. EHR is valued more not only because of the data but also because it is hard to detect and mitigate identity theft in healthcare. Unlike credit cards that can be easily canceled and replaced if get compromised, there is often no straightforward contingency plan for healthcare records once they have been breached.
As a result, there has been a spike in growth of sophistication of cyberattacks in the healthcare sector. According to HIPAA Journal, between 2010 and 2014, approximately 41 million healthcare records were exposed in data breaches, but in 2015 alone, more than 113 million healthcare records were exposed. Over the past few years, there is also an increase in the number of breaches. Although the health care organisations have made great progress in leveraging technology to drive improvements in providing quality and efficiency of healthcare services, they are also drawing the attention to the cybercriminals.
Cybercriminals are finding more stealthy ways to get around security measures and obtaining the information they want as healthcare organisations are trying to protect against these data breach. Therefore, healthcare organisations should always be proactive in preparing security measures to counter any new security threats and not wait until for an attack happens. Aside from coming up with great security strategy to protect the assets, healthcare organisations should also remember to educate their users and employees as humans are often the weakest link in computer security.
Symantec has proposed the following steps to help organization manage cybersecurity to move from a reactive to a sustainable, business-driven approach:
- COMPLY with key mandates; base security controls
- STAY AHEAD of threats
- Let risk assessment DRIVE priorities
- IMPLEMENT a sustainable risk-management program
- Let business priorities ADVANCE the security strategy
Award winning Home Care trusted by health professionals – Jaga-Me