Why More Hackers are Targeting the Healthcare Industry
The number of ransomware and other malware attacks is rising very fast in the healthcare industry; hence risking critical data and putting human life at risk. This is due to the fact that healthcare organizations are shifting their work to cloud services in a bid to improve accessibility and patient care. This movement includes valuable information including PHI (personal healthcare information) and PII (personal identifiable information) which has led to cyber criminals taking a particular interest in the industry. Between the year 2011 and the year 2014, the sector – including pharmacies, labs, hospitals drug companies, and outpatient clinics registered the most frequent data breaches of all industries. Keep on reading to find out why Trinsic has identified these organizations as popular targets to such attacks.
- Healthcare Data Is the Most Valuable Data of All
Suppose a hacker goes through the trouble of infiltrating, say, a brick and mortar retailer or an e-commerce vendor, they are more likely to walk away with thousands of credit card numbers. For this reason, credit card companies and consumers have learned to deal with such kinds of breaches. For example, banks tend to assign new numbers to their customers provide them with new cards and assure them that any suspicious charges will be wiped out. By the time a hacker gets the chance to sell their stolen card data, most of it is normally useless.
In contrast, healthcare data makes it easy for the criminals by giving them just about everything they need to steal identities, creating high-value goods they can sell on the black market. A contributing factor is because in healthcare, acting fast can make the difference between life and death. So, in case of an emergency, most medical professionals have little time to access your data with a password of at least 8 different characters and 2 factor authentication.
2. Healthcare Hacking Is Getting Easier
Today, the digital transformation in healthcare is rapid, but the only thing that is lagging behind in this regard is its security. Trinsic has discovered, and nationwide IT audits have confirmed, healthcare facilities use outdated and unpatched devices that are connected to the internet making it easier for them to get infected with malware. These infected medical devices, therefore, give hackers a chance to exploit vulnerabilities and gain access to the hospital systems. Once they gain a foothold, these hackers can then offer “hacking-as-a-service” to fraudsters who are interested in exploiting healthcare systems but lack the technical hacking skills.
3. Cyber Attacks Have Become More Advanced
The cybercrime organizations out there tend to operate just like any other technology company. This means that they are also always looking for ways of develop more advanced hacking tools. In their research, the TrapX Security Labs division described medical devices they found to have been infected with an advanced attack flow they call MEDJACK (medical hijack), that creates a pivot point for the hackers to get into the hospital systems. They reported these attackers used techniques that could make it possible for them to extract sensitive patient information without being detected.
4. Highly Connected Systems
Now healthcare organizations have shifted their workloads to the cloud, their systems are now highly connected; hence, they run the risk of being deeply affected even if the attacks are carried out on smaller, partial systems. This means that, in case of a cyber attack in one place, the entire system could be brought down altogether. A good example is in May 2017, where the WannaCry ransomware attack made several hospitals across the UK to turn away ambulances that were transporting patients and also cancel surgeries that were about to be started. The attack also compromised with the basic processes that included patient admission.
This attack serves as a lesson on how important it is for these organizations to be able to continue running and providing care to the patients during a cyber attack.