Hackers & Health Care: Why Are Health Providers Becoming Hacking Victims?
The proliferation of cybercrime is forcing businesses around the world to strengthen their security defences. From the latest anti-virus software and enterprise-grade firewalls to private cloud web hosting featuring SSL certificates and two-factor authentication, there are countless steps a company can take.
But while several hackers target multinational corporations to compromise financial records, sensitive information, and confidential data, others are focusing on healthcare providers instead.
Washington DC-based MedStar, one of the region’s largest medical providers, recently had to shut down its operations for a day due to a computer virus. So, why are health providers becoming hacking victims?
Reasons why hackers are targeting healthcare providers
In addition to personal information that could be used for traditional financial fraud, such as your name and payment details, hackers are seeking out health insurance information too, particularly in the US. This is because it can be sold via online black markets to commit medical fraud, which includes obtaining free care or treatment and purchasing expensive equipment.
According to Ben Johnson, co-founder and chief security strategist at cyber-security firm Carbon Black, hackers could even find a way to leverage compromising medical information into a blackmail scheme, although this hasn’t happened yet.
Even so, US hospitals are reporting ransomware attacks, which let cybercriminals hold a computer hostage by planting malicious software on the network. It can then make crucial information inaccessible to the legitimate user and ask for a payoff to get it back again.
For healthcare providers that are unable to manage without electronic medical records, this is a particularly dangerous scenario. As a result, healthcare providers are more likely than other organisations to accept a hacker’s demands.
The vulnerabilities of the healthcare sector
Cyber security firm TrendMicro says healthcare was the sector hardest hit by data breaches between 2010 and 2015. This is due in large part to the range of different equipment and devices most hospitals need, which makes standard security practices such as regular updates difficult to fulfil without risking instability.
Healthcare providers also have to consider the security implications of connected medical devices too. For instance, a hacked pacemaker or drug pump could have fatal consequences for certain patients.
For this reason, the FBI said: “The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.” But what can healthcare providers do?
How to improve healthcare security
In 2010, the healthcare industry launched the National Health Information Sharing and Analysis Centre (NHISAC) to increase cybercrime awareness and help stem the spread of particular threats as soon as possible.
But for some, this doesn’t go far enough. As well as the time and effort required to identify potential problems, healthcare providers need assistance in finding the right people to implement security solutions. Again, this raises more questions than answers.
“I’ve literally talked to healthcare organisations that have 300 open security positions, and are struggling to fill even a handful of them,” said Johnson. “It’s going to be a rough few years.”