The Number One Target for Hackers
The number one target for hackers.
Currently, hospitals and other healthcare related facilities are the number one target for hackers. According to CBS News, almost every hospital in the US deals with some kind of cyber threat or attack. Experts say that for as much information that the healthcare field is responsible for, cyber security standards should be a higher priority. Imagine how many patient records one hospital is responsible for. Then to think about the total number of patient files for every medical facility is almost hard to imagine. In hospitals, cyber security is not the main focus. With how cyber criminals are evolving now and targeting the healthcare field, it should be.
Why are hospitals a major target for cyber criminals?
All in all, hospitals and other medical facilities are a goldmine of personal information that criminals can steal and used for malicious purposes. A few ways to use this information includes fraud, extortion, blackmail and even selling the information on the black market.
The price of medical information is higher than any other type of personal information (social security, credit cards, etc.). Prices for medical files can range from $200 to $1,000 on the black market.
How can hackers obtain sensitive personal information?
Now that the threat of cyber criminals attacking hospitals is rising, the next question here is, “how are hackers able to obtain a hospital’s confidential information?”. Some of the most recent and popular methods used by hackers include the following.
Targeting weak network/data encryption or login information is one example. This allows a hacker a way into the network or into an employee account. Both of which once infiltrated, allows access to an abundance of information.
Next, unauthorized users may execute phishing ploys. This happens when they call a hospital and impersonate an employee from the IT department and ask for login information of an actual employee. If given the correct information, they can now login as an employee and possibly go undetected for some time.
Gaining access to IoT or connected devices is also another way they can get in. This method is usually aimed more at bringing systems down. To explain, some MRI machines connect to the internet. This allows the machine to send information directly to a doctor. For example, if a hacker takes down this connected device, crucial medical information will not reach its intended destination. This scenario may detrimentally affect the care of a patient.
What can the healthcare field do to prevent data breaches and attacks?
Due to the rampant increase of such threats, the issue is now on the radar of hospitals. Steps in the direction of improving security are gaining traction in the industry. A few approaches that the healthcare field should implement include the following.
Ensuring that ePHI backs up correctly and is secure is one proactive method. If your information backs up correctly, when a hacker shuts down the systems and ransoms the information, the hospital can maneuver around the ransom payment. They will still have all of their information on the back up and can get the facility up and running.
Another tactic is creating documentation and procedures on security protocol. These documents would include information about properly securing files, what employees should do if an issue arises and a layout of a security framework.
Educating staff about cyber security can help eliminate the risk of an issue that an employee may indirectly cause. An example could be that the staff is more aware of social engineering and phishing ploys. They then can report such scams to the proper authority so mitigation may begin. (visit our article on unintentional employee threats)
To conclude, cyber criminals and their tactics are always evolving. Hospitals are the number one target for hackers. But with the growth of the cyber security field, more professionals are learning and creating new ways to defend our personal data.
The goal for any type of medical facility and the industry should be to step up their game regarding cyber security. With the request of many to do so, a future of secure patient information and facilities is within the grasp of the healthcare field.
By Taylor Ritchey