Hackers Have Found Easy Targets in Healthcare Organizations as 75% of Them Worldwide Have Been Affected
It can be hard to grasp the scale of cyber infections if you do not get exposed to them directly. However, the continuous trend allows us to assume that the number of data breaches will continue to grow, and certain sectors can be more vulnerable to such hacks than others. In this entry, we would like to draw your attention to the fact that around 75% of health organizations worldwide have been affected by hackers so far, and we can only expect this number to grow. No one wants their healthcare information stolen by hackers, but this problem has to be tackled at the organizational level more than at the personal one.
How prevalent are data breaches in the healthcare sector?
We have been talking about cybersecurity in healthcare for quite some time now. For instance, we talked about 10 steps to protect your private health data online before, and we also looked at the things you can do to secure your protected health information. However, as mentioned, when it comes to data breaches in the healthcare sector, there is a limit to what one user can do individually. It should also be up to the healthcare organization or institution to employ the latest cybersecurity measures and practices to avoid dangerous hacks.
And while most healthcare providers are obviously aware of the potential cyber threats, the number of attacks on healthcare organizations has only been growing. According to Keeper Security’s report on cybersecurity in small and medium-sized businesses, at least three in four healthcare organizations have been attacked by hackers before. What’s more, the survey says that over half of the organizations that have ever experienced a cyberattack were attacked within the last twelve months. Thus, it shows that the attacks on healthcare institutions are only increasing, and with the ongoing COVID-19 pandemic, we can only expect this constant surge of attacks to grow bigger.
What makes healthcare institutions such attractive targets?
There are practically two reasons behind the growing number of cyberattacks against the healthcare sector. First, healthcare institutions store tons of valuable data. Healthcare records can be sold at a significantly high price on the dark web, and financial gain is the main goal of most of the data breaches. Not to mention that we’re not just talking about the records on your last vaccine shot or your spine X-ray. Consider all the other information you have to provide to your healthcare institution: your name, address, credit card information, social security numbers, and so on. All of that information can be compromised during a data breach.
Next, healthcare organizations make a great target because of their outdated attitudes towards cybersecurity. Most of the institutions may not have enough resources to invest in the latest cybersecurity measures. They might be using outdated software to store their data, and such software (that is no longer supported!) can be easily breached and hacked.
For some institutions, it might also be hard to implement strong cybersecurity guidelines because of the sheer size of a particular system. Bigger organizations may not react fast enough to the latest trends, and hackers are definitely quick to exploit that.
Finally, as Keeper Security’s report suggests, at least 66% of the healthcare organizations realize the importance of passwords when it comes to protecting their information from data breaches. However, more than half of the organizations that participated in the survey admit that they do not monitor the password practices of their employees. Thus, it is very likely that most of the passwords used by healthcare employees are either too simple or constantly reused.
Needless to say, using weak passwords or recycling them is one of the biggest mistakes one can make when it comes to cybersecurity. And since it is hard to monitor every single employee, healthcare institutions should consider employing password managers to ensure safe password practices. For example, a tool like Cyclonis Password Manager would ensure that every single account has a unique and strong password, and those passwords would be stored safely under strong encryption, minimizing the data breach potential.
What are the most common cybersecurity attacks against healthcare institutions?
According to the Keeper Security survey, the most common attacks in 2019 reported by healthcare institutions were phishing, malware, and web-based attacks. Phishing refers to scams that usually reach their victims via emails. For instance, a scam email might urge the victim to click an outgoing link that leads to a fake form they are pressed to fill out. If the victim fills out the form, healthcare information will get stolen by hackers.
Malware infections usually refer to trojans and ransomware. Hospitals are known to pay ransoms to retrieve sensitive patient information that’s been encrypted by ransomware attacks, which makes them more desirable targets. And web-based attacks would entail certain infections and data breaches that reach the institution through the various websites that their employees visit.
All in all, most of these infection vectors can be thwarted if the healthcare sector employees are more aware of the potential cybersecurity threats. It is especially important these days because with the COVID-19 pandemic, the cyberattacks against the healthcare sector have reportedly doubled. And the same trends are common all over the world.
Hence, the best way to ensure that your healthcare institution doesn’t experience multiple data breaches is by raising cybersecurity awareness, upgrading your software systems, and investing in the IT sector.
It is very unlikely that the cyberattacks against the healthcare sector would back down anytime soon. You can think of it as a type of cyber warfare that never ends. So, instead of letting these criminals profit from the anxiety when people are the most vulnerable, healthcare institutions should ensure safe cybersecurity practices among their employees, and if necessary, invest in cybersecurity education courses. Although the main purpose of the healthcare sector is to provide everyone with medical services, it cannot ignore the change of times. Understanding the importance of personal data security and reinventing itself should be one of its top priorities.