The health-care industry has a rather large target on its back. It is a beautiful mark for cybercriminals, who see it as a gold mine chock full of patient information just waiting, begging to be prospected (hacked) and sold (black market). This is heaven for malicious hackers.

Bad actors are all too aware that they can make a fortune from successfully infiltrating a health-care organization. Unfortunately, such businesses make it all too easy for them. Data breaches cost the U.S. health-care industry an estimated $6.2 billion each year, according to the Ponemon Institute.

A State of Privacy and Security Awareness Report, conducted last March, surveyed more than 1,000 medical professionals to shed light on the cybersecurity awareness of health-care sector employees. The key findings are shocking, revealing just how dire things are, and how ill-prepared the health-care industry is to protect itself against the cybercriminals eagerly waiting in the wings (in dimly-lit rooms, evilly steepling their fingers in anticipation — probably).

This throws into rather sharp relief how badly health-care organizations need MSP services. To further highlight this, here are a few key insights from the aforementioned survey, as reported by Continuum:

See? This is not good. These are just a few examples of the widespread problem. A recent incident highlights the types of sensitive and valuable information malicious hackers usually go after.

NH-ISAC’s Denise Anderson

The Independence Blue Cross (IBC) faced a tough one last year. On Sept. 17, IBC experienced a large data breach, affecting more than 17,000 customers. The breach leaked customers’ names, dates of birth, provider information, diagnosis codes and other highly sensitive data that could be used to steal patients’ identities.

Back in 2016, the Hollywood Presbyterian Medical Center was forced to pay $17,000 in bitcoin as ransom to a cyberthug who had hacked into and seized control of its computer systems.

“They paid the ransom and they were public about it,” said Denise Anderson, president of the U.S. National Health Information Sharing and Analysis Center.

Unfortunately, this instance called attention to this type of hacking and …

… boosted ransomware in health care.

Everyone. Everyone is a target. Large or small, big hospitals, smaller practices — bad actors don’t discriminate. It’s abundantly clear that there are massive gaps in terms of proper defense in health care, with a large percentage of organizations not properly armed to defend themselves against cyberthreats. Cybercriminals are all too eager to take advantage of this.

This of course has serious implications for patient information, but it also means financial and reputational damages, loss of patient trust and legal issues (hello HIPAA).

If you’re an MSP servicing the health-care vertical, the first step needs to be education. And then more education. And then more of it. Health-care sector employees have the ability to be the first layer of defense against cyberthreats, but they need security awareness training that includes both security and privacy awareness.

As we see with the stats above, a lot of breaches happen because of employee error — simple mistakes that can wreak havoc with the stroke of a keyboard button. With the right education and information, health-care employees can be properly armed to protect their medical practices and patients. The consequences are too great not to be.