Year after year, cyber experts warn the healthcare industry that it is among the industries most targeted for cybercrime. Why is this? And how can hospitals protect themselves?
The problem: By the numbers
Though the problem of hospitals being targeted for cybercrimes isn’t new, it’s one that hasn’t been properly rectified.
A 2013 Ponemon Institute survey revealed that 94 percent of healthcare organizations experienced at least one breach since 2011 and nearly half (45%) were struck by more than five. And, since 2013, the impact hasn’t lessened.
A 2016 study by the same institute shows that 89% of the healthcare organizations studied experienced a data breach involving stolen or lost patient data over the past two years.
A specific example comes from 2017: a worldwide cyberattack by ransomware called WannaCry. This attack shut down 65 hospitals in the United Kingdom. The impact of WannaCry wasn’t just on hospital computers. The reach was much greater, impacting patient care, storage refrigerators, MRI machines and other critical medical equipment that operates from the hospital’s networks.
In 2016, a study by security company Solutionary found that the healthcare industry was the victim of 88% of all ransomware attacks in the U.S.
So, it’s obvious that cybersecurity in hospitals is increasingly important. Why are hospitals targeted so specifically?
Why are hospitals targeted?
Hackers can take total control over hospitals. From computers with pertinent patient data to MRI machines, hackers know that hospitals will do anything to recover control of their equipment quickly.
That’s what makes them uniquely susceptible to ransomware.
Ransomware is a type of malware that locks a user out of their computer or files until a sum of money has been paid. And hospitals have a lot to lose if they are unable to access their equipment.
The most obvious issue is HIPAA compliance. If a hacker steals patient information, hospitals can be on the hook for fines, lawsuits and loss of reputation. And while privacy is important, it’s not the whole picture.
It’s also important to note that during attacks like ransomware, hospitals can lose access to patient information, which can halt care, especially if the ransomware affects critical medical equipment. This doesn’t just halt hospital operations; it risks lives.
A 2016 IBM survey found that 70% of businesses that have experienced ransomware attacks in their workplace have paid to have stolen data returned. And, according to the Ponemon Institute, data breaches cost the U.S. healthcare industry an estimated $6.2 billion annually.
How can hospitals begin to protect themselves?
What should hospitals do to protect themselves?
Ransomware is the most prevalent threat in the healthcare industry. It can delay patient care, delete data, cost money, impact employee productivity, and force a HIPAA breach notification, all from a single infection.
To prevent, fight and recover from a ransomware attack, we recommend the following:
- Install quality antivirus and antimalware programs on all computers and servers.
- Have a provider scan all website and email traffic before it enters the network.
- Train all staff to recognize a ransomware threat and how to avoid becoming infected.
- All hospitals should perform regular risk assessments. Can you find vulnerabilities before a hacker can?
- Back up your information and password-protect your backup.
- Limit access to your information. Only grant permissions to select staff members, and authorize access using EZPD shared licenses.
Though nothing can truly guarantee the prevention of ransomware, the aforementioned measures may help avoid HIPAA violations and act as a line of defense to protect sensitive files.
Use password protection as your first and strongest line of defense. Learn more about how EZPD can protect hospitals today.