Cyber-attacks in Healthcare: A Growing, Dangerous Concern

09/03/2020 | Mazars The Ledger

For many years, the healthcare industry was generally immune from the barrage of cyber-attacks, which were primarily directed towards the financial and retail sectors. In addition, data breaches tended to involve lost or stolen devices, often with unencrypted data.

No more.

Today, healthcare entities have become prime targets for cyber-attackers, who are drawn to rich repositories of personal data that can fetch prices 20 to 30 times higher on the black market than stolen credit cards. Last year, an estimated 66% of healthcare organizations experienced a cybersecurity incident impacting approximately 109 million patients. Overall, cyberattacks cost the US healthcare system about $6 billion a year. The attacks come from sophisticated networks of cybercriminals, often located overseas.

The potential damage to an institution’s financial stability and reputation from one of these breaches is significant, which is why every executive up to the CEO, along with members of the board of directors, should be concerned. However, a 2015 survey of nearly 300 healthcare organizations found that just a quarter allocated more than 6% of their annual budgets to IT security. About half allocated less than 3%. In addition, few had committed a significant percentage of IT employees to the issue.

Be prepared. Ask your Account Manager for more information on our Security Risk Assessments. 

UNDERSTANDING THE BREACHES

While there are numerous types of attacks, including distributed denial of service, phishing, and advanced persistent threat attacks, healthcare executives should be aware of two recent additions:

  • Business email compromise. Also known as “CEO fraud,” this attack begins with an email sent directly to the CFO, ostensibly from the company’s controller, asking for an electronic funds transfer. The email appears legitimate because it includes information gleaned from social media. The FBI issued an alert on this type of attack last year, calling it an “emerging global threat.”
  • Ransomware. Hospitals are the perfect target for ransomware, in which cyber-attackers infiltrate IT systems with malware. Once they have control of the system and/or its data, they demand payment to return control. In February, Hollywood Presbyterian Medical Center experienced a ransomware attack that prevented staff from being able to access electronic health records. The hospital eventually paid hackers $17,000 in ransom to regain access. A similar attack at MedStar Health in Maryland required the system to shut down its entire computer network for several days and providers to revert to paper processes.

CONNECTED DEVICES A THREAT

Hackers have a unique advantage in breaking into hospital systems that doesn’t exist in either the retail or banking sectors: interconnected medical devices. Nearly every device in a healthcare setting, from infusion pumps to MRIs, has a computer chip that allows it to communicate with the EHR and other systems. Most run legacy software that hasn’t been updated in years and have hard-wired passwords that haven’t been changed. Not only can hackers then move from the device into the organization’s main IT systems, but they could also reprogram the devices to cause harm to patients.

TAKING AN OFFENSIVE APPROACH

It is nearly impossible to completely protect your IT systems against cyberattacks. However, there are numerous steps healthcare organizations can take to minimize the number and severity of such attacks:

  • Employ a strong security posture, including multi-layered endpoint and network security, encryption, strong authentication and monitoring capabilities; first and foremost, ensure all software and plug-ins are up to date.
  • Regularly conduct risk assessments and mock exercises; analyze the results, assess lessons learned, and quickly address any identified vulnerabilities.
  • Provide mandatory ongoing education and training for all employees; enforce the use of strong passwords; in addition, make sure users understand and practice good security hygiene.
  • Hire and maintain an appropriately sized and skilled IT security team. Also consider pre-contracting with top-tier managed security service providers and third-party experts to assist in the event of a breach.

It’s not a question of whether or not your facility will be attacked; it will, and probably already has. The question is: “Can I contain the damage and defeat the attackers?”
