Health Care Cries for Concrete Cybersecurity
The health-care industry has a rather large target on its back. It is a beautiful mark for cybercriminals, who see it as a gold mine chock-full of patient information just waiting, begging to be prospected (hacked) and sold (black market). This is heaven for malicious hackers.
Bad actors are all too aware that they can make a fortune from successfully infiltrating a health-care organization. Unfortunately, such businesses make it all too easy for them. Data breaches cost the U.S. health-care industry an estimated $6.2 billion each year, according to the Ponemon Institute.
A State of Privacy and Security Awareness Report, conducted last March, surveyed more than 1,000 medical professionals to shed light on the cybersecurity awareness of health-care sector employees. The key findings are shocking, revealing just how dire things are, and how ill-prepared the health-care industry is to protect itself against the cybercriminals eagerly waiting in the wings (in dimly lit rooms, evilly steepling their fingers in anticipation — probably).
This throws into rather sharp relief how badly health-care organizations need MSP services. To further highlight this, here are a few key insights from the aforementioned survey, as reported by Continuum:
- Twenty-four percent of physicians and other types of direct health-care providers showed a lack of awareness of phishing emails, compared to 8 percent of their non-medical field counterparts.
- One-half (50 percent) of physicians scored in the “risk” category, which means their actions make their organizations susceptible to a serious security incident.
- Nearly one in four (24 percent) physicians couldn’t identify the common signs of malware, compared to 12 percent of the respondents in the general population survey.
- Only 18 percent of health-care workers were able to identify phishing emails. They were presented with an email from a suspicious sender with an attachment in the email. Nearly nine in 10 (88 percent) opened the attachment. Doctors were three times worse at identifying phishing emails than their non-physician counterparts.
- Another one in four (23 percent) respondents failed to identify common signs of a malware-infected computer. For example, they did not recognize that their internet browser was repeatedly sending them to the same site, regardless of the URL they entered — a very strong sign of malware.
- Almost one in five (18 percent) chose risky actions when presented with scenarios involving storing or sharing patient data. Many respondents thought it was acceptable to share patient data over personal emails or through insecure, cloud-based platforms.
See? This is not good. These are just a few examples of the widespread problem. A recent incident highlights the types of sensitive and valuable information malicious hackers usually go after.
The Independence Blue Cross (IBC) faced a tough one last year. On Sept. 17, IBC experienced a large data breach, affecting more than 17,000 customers. The breach leaked customers’ names, dates of birth, provider information, diagnosis codes and other highly sensitive data that could be used to steal patients’ identities.
Back in 2016, the Hollywood Presbyterian Medical Center was forced to pay $17,000 in bitcoin as ransom to a cyberthug who had hacked into and seized control of its computer systems.
“They paid the ransom and they were public about it,” said Denise Anderson, president of the U.S. National Health Information Sharing and Analysis Center.
Unfortunately, this instance called attention to this type of hacking and …