Cyberattacks on healthcare providers have become more common in recent years – especially with the rise of ransomware incidents in hospitals. And that trend shows no sign of stopping in the coming year. In fact, experts say the situation may get worse in 2017.
A new report from Experian, the 2017 Fourth Annual Data Breach Industry Forecast, predicts healthcare organizations will be the industry most often targeted for attacks next year.
Why criminals go after hospitals
There are several reasons why hospitals and other healthcare providers continue to be attractive targets to cybercriminals.
Selling personal medical information on the black market can be financially lucrative. In fact, hundreds of thousands of hacked medical records can be found for sale on what’s known as the “dark web.”
More than 100 million healthcare records were compromised in the past year alone, according to a report from IBM cited in Experian’s research. While many of those breaches occurred when cybercriminals targeted payors, hospitals should expect to see more of these attacks in the coming year.
Here’s why: Because payors’ networks are typically more centralized, it’s easier for them to bolster their security against outside threats. Hospital networks often have many weaknesses that hackers can exploit, including the relative ease of gaining access to a facility’s network through medical devices.
Hospitals also store information that’s more attractive to criminals within electronic health records (EHR) systems. Often, an EHR holds a fairly comprehensive health history for a patient in its database, which is desirable to criminals who want to commit medical fraud, identity fraud or a number of other illegal schemes.
And if hospital staff ever access the EHR through a vulnerable computer or device, such as an unencrypted personal smartphone, hackers can easily gain unauthorized access to all this information.
Ransomware still huge threat
Besides flat-out theft of medical information, Experian also warns that ransomware attacks against hospitals will become more popular in the new year.
Because the negative impact of this malicious software on hospitals has been well documented, many criminals may view it as a way to make quick money – particularly since organizations will often just pay the ransom to resolve the situation right away (though that doesn’t always happen). That’ll inspire cyberattackers to develop more sophisticated malware to bypass current security measures and exploit weaknesses in hospital networks.
Some ransomware may become so sophisticated that hackers may bypass the ransom demand altogether – stealing data from hospital systems while simultaneously locking them down, preventing the facility from accessing any information at all, with no option to pay a ransom and restore access.
To fight the threat of ransomware and other cyberattacks, hospitals must make sure their networks are protected with up-to-date security measures. It’s essential to work closely with IT to have a contingency plan in place, just in case an attack does happen, so your facility can continue normal operations.
It’s also important to regularly remind staff of best practices for keeping confidential health information safe and secure, especially since malicious software often infects networks due to human error when clicking on links or downloading programs.