Florida’s Agency for Health Care Administration received the preliminary findings of a review launched by the state’s Inspector General on January 2. The review was in response to a data breach involving 30,000 Medicaid recipients on November 15, 2017. The breach was a direct result of a staff member clicking on a malicious phishing email, giving the attacker access to the patient database. The data obtained by the hackers included names, addresses, Medicaid identification numbers, birthdates and social security numbers. The agency states that because of the attack, they are implementing an extensive training program for their employees in order to thwart similar attacks in the future. They claim that thus far, the stolen information has not been improperly used.
This incident is just the latest in an ongoing acceleration of cyber attacks targeting the healthcare industry. According to BusinessWire, 2017 saw a 23.9% increase in cybersecurity incidents involving the healthcare industry with a total of 3,442,7748 records being compromised for the year. In recent years, medical records have become the targets of choice amongst hackers as the confiscated data can be used to support identity theft and financial fraud. Not all of these incidents involve data breaches. Ransomware extortion attacks are also very common in the healthcare industry due to the criticalness of getting data back online to serve patients. In fact, according to a Verizon report, 72% of all healthcare malware attacks are ransomware related.
Unfortunately, the onslaught of cyber attacks levied on healthcare organizations is forecast to expand into 2018 as the IDC predicts that one in three medical records will be compromised this year. According to FBI research, the healthcare industry in the US annually loses between $74 billion and $246 billion. It is clear that the industry must do more to address this crisis
Two significant factors make them overly vulnerable.
It appears however according to a study published by the Center for Connected Medicine called “Top of Mind 2018 Survey of Technologies,” Healthcare organizations are putting a serious focus on cybersecurity.
A common theme throughout the report is the realization that cybersecurity must become a top-down strategic initiative. Healthcare system executives across the board said they plan to invest in technologies to help improve overall strategy and response times when it comes to cyber threats. Organizations that lack the resources to fund internal staffs are planning to invest in outside services such as monitoring services and cybersecurity assessment consultants.
According to the ECRI Institute, a greater focus on best practices and end-user education will pay the largest dividends for healthcare organizations:
It needs to be mentioned that ransomware may be maturing as a form of malware and thus may evolve into new forms that may, in fact, be able to expand beyond direct physical connections. The one certainty of ransomware is that maintaining a well-designed working backup solution will serve as an effective measure against the lasting effects of ransomware, no matter how it may evolve one day.
The fact that healthcare organizations are the proprietors of so much rich data makes them a primary target of cyber attacks. The healthcare industry is also vulnerable because of medical devices with weak security and the use of legacy IT systems. With the start of the New Year, every healthcare organization needs to reevaluate its cybersecurity strategies as attacks are increasing in sophistication and force.
Are you an IT professional working in the healthcare sector, that wants to ensure sensitive data and devices are protected? Talk to a specialist or email us at firstname.lastname@example.org with any questions.
Sign-up for email updates...