Last two years were uneasy for the healthcare industry as almost all (around 90%) healthcare organizations became victims of cybercrimes at least once. Approximate damage of every cyber-attack costs no less than $2.2 million. Overall, the industry has taken a hit that equals to $6.2 billion.
Strangely enough, healthcare industry authorities seem not to pay attention to the stepped-up attacks of cybercriminals and the apparent failure of the security systems to withstand hacking and ransomware attacks. Such conclusion can be made due to the retrenchments on healthcare security though even current funding is clearly not enough for the proper supplement of the data protection.
Pallid statistics states that 45% of the surveyed organizations faced more than 5 data breaches in the past two years. Taking into consideration that most times hackers laid hands on a small amount of information (less than 500 data records), such accidents were not revealed to publicity. However, even such seemingly non-threatening breaches were able to harm the industry greatly.
The fact that hospitals, healthcare centers, and other organizations became easy targets for cyber-attacks is evident. More than that, hackers started to gather information from insurers like UCLA Health or 1st Century Oncology. Today we witness a storm of ransomware attacks on hospitals; they set off an alarm that it is necessary to do everything possible to protect data stored in the healthcare organizations.
Medical records always include billing and insurance records plus payment information so no wonder that healthcare organizations are the desired target for hackers. According to the official statistics, this industry faced more than a quarter of all attacks on industry sectors.
These sad numbers show that security programs and methodologies used to protect healthcare apps are insufficient. They constantly receive low marks compared to their rivals from other industries.
Interestingly enough, the financial information is not the only thing that interests cybercriminals. Often they are searching for medical files that are later used for medical identity thefts. Taking into consideration that majority of healthcare organizations doesn’t protect the patients’ information and victims are not secured from the repercussions of changes made to their medical records, the results of such attacks may be disastrous. It is obvious that scammers know what information to search for and how it can be used. Hence, any error in the records that is impossible to correct may be life-threatening.
Not so long ago, stealing medical records was not so common. However, today it becomes clear that hackers learn quickly what advantages medical identity thefts have. Plus they realized that it’s much easier to steal this information as healthcare organizations seem to encourage cybercriminals by leaving sensitive information like diagnosis or prescriptions almost without protection.
The main reasons of data breaches are:
- Cybercrime-based attacks;
- Loss or theft of a device;
- Insider attack;
- Employees’ actions.
Healthcare industry suffers from DDoS attacks, ransomware and malware, phishing, password attacks and many other means of cybercrimes. Perhaps, due to the dire state of healthcare security today, the situation with budgeting and hiring highly qualified staff starts to change for the better: there are around 20,000 vacant positions in the security section aimed to improve the situation with the cyber safety problems.