Healthcare is Ransomware’s #1 Target

Standard

Did you know that healthcare now holds the number one spot for most cyber attacked industry?  According to the 2016 IBM X-Force Cyber Security Intelligence Index, it does.  In 2015, Financial Services held the number one spot and healthcare was not even in the top six!

Hackers have identified healthcare as their most lucrative hacking opportunity.  Some of this is driven by the increase in healthcare information that is being moved into the digital domain.  Two other factors also weigh heavily; cybersecurity awareness/education and available workers with the right skillset to combat the threat.

100 million patient records were breached in 2015, globally.  Healthcare organizations have a treasure trove of personal data that can be used fraudulently.  More so than most other industries.  Breached healthcare data is most often sold on the dark web for increasing per record costs that line the hackers war chests.  Compared to a stolen credit card number, which may sell for $1 per record, healthcare records can sell for as much as $50 or more, per record.  These figures come from data compiled by the FBI, which I have heard confirmed in person, by an agent from the FBI’s Cyber Division.  Another complicating factor with healthcare data is that unlike a credit card account, which can be cancelled if it is breached, you can’t just cancel your personal health data.

There have been some high-profile ransomware attacks on hospitals that have resulted in large payments to hackers, in order to recover impacted data.  In one case, the virus was embedded into a Word document and shut down the cancer treatment center at a major hospital.

Ransomware in the healthcare industry, has been highly successful, in terms of revenue extorted by hackers.  IDC, a respected technology market intelligence firm, is projecting attacks will double over the next year.  Several organizations predict overall attacks to quadruple over the next 3 years.

HerjavecIn the fall of 2014, I had the opportunity to meet and hear speak, Robert Herjavec.  Most people know him from the popular TV show Shark Tank.  However, he is also the founder and CEO of The Herjavec Group, headquartered in Toronto, Canada.  The Herjavec Group is a highly respected cybersecurity firm.  Together with a company called Cybersecurity Ventures, the two companies have released their 2017 Healthcare Cybersecurity Report.

The report talks about ransomware quite a bit.  Some of the most important points are that paying ransomware creates a self-fulfilling prophecy of sorts, providing the hackers with a strong revenue stream that allows them to further invest in research and development to perform even more successful hacks.

One of the key findings in the report is that ongoing employee training about the risks of ransomware and email phishing is critical to protecting healthcare organizations.  Healthcare employees are necessarily focused on providing excellent patient care.  They need an ongoing cybersecurity education program in order to keep the threat top of mind and equip them with the skills they need to not fall victim to the hackers approach.  Another key finding is that solid backup and business continuity plans are critical if a hacked organization is to have the option of not paying the ransom and instead recover their impacted data themselves.  A surprising number of healthcare organizations have resorted to paying the ransom because they did not have a reliable backup that they could restore from.

More healthcare organizations are starting to place a long overdue emphasis on the cybersecurity threat.  Hospitals, being the highest profile targets, are leading the way and many have implemented dedicated cybersecurity teams to evaluate all aspects of healthcare technology.  Technology in healthcare is rapidly expanding beyond the traditional computer network.  Connected devices are emerging everywhere, right down to the bed a patient is assigned to.  Protecting this infrastructure is critical, as is reporting any incidents to the FBI.

Private practices need to be aware of these risks as well, especially because most do not have the resources needed to properly secure themselves.  Employee training and robust backup, just as they are for large organizations, are the most fundamental areas needing investment.

While the bulk of this report focuses on specific threats, past hacks and future trends, another critical issue facing not just healthcare, but the entire economy is the tech workforce.  There remains a significant gap in skilled technology workers to fill open IT jobs.  Most reports place this deficit at one million or more jobs.  CompTIA, the Computing Technology Industry Association, is the global leader in certifying the technology workforce.  CompTIA has been vocal for many years about this skills gap and works with private and public institutions around the globe to drive awareness of this issue.  CompTIA has just released their annual Cyberstates report, which highlights this workforce issue and delves into specifics on a state by state basis here in the United States.

Ransomware remains one of the most serious threats currently in active circulation.  So much so that two European cybercrime law enforcement agencies and two well-known cybersecurity companies have formed an initiative called No More Ransom to combat ransomware.  There are free tools available to any organization victimized by ransomware as well as links to notify the appropriate authorities about an attack.  Initiatives like this, that fight back against the hackers, together with increased awareness, training and technical safeguards may help regain the upper hand in this evolving cybersecurity battle.  Time will tell.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s