Cyberattacks on the healthcare sector are rising and becoming more sophisticated, and large hospitals and small private clinics are both targets. In the past three years alone, more than 93% of healthcare companies have suffered a data breach, and cyberattacks targeting healthcare organizations globally have increased by 45% since November 2020.
Why do cybercriminals target the healthcare industry?
Cybercriminals target healthcare companies because they store large amounts of protected health information (PHI) such as medical records, Social Security numbers, credit card details, and similar data. Attackers steal this data and sell it on the Dark Web.
It doesn’t help that many firms still run outdated technology and legacy systems. According to a Duo Security report, 76% of healthcare organizations in 2020 were still using computers running Windows 7, an operating system that no longer receives updates or security patches. Many companies fail to keep their systems up to date not only because of cost, but also out of concern that upgrading would disrupt operations.
What are common cyberthreats to healthcare?
Being aware of the most frequent cyberthreats to healthcare can help protect your business from data breaches and other disasters. Let’s take a look at some of them:
1. Phishing
Phishing involves an attacker sending a fraudulent email or text message, or making a phone call, to trick a victim into giving out confidential information. Today, healthcare is one of the industries most frequently victimized by phishing attacks.
A study published in the Journal of the American Medical Association found that many hospital employees still fall for phishing emails: in a simulated phishing test, one in seven recipients clicked on the phishing email.
This shows that many hospital employees have difficulty spotting a phishing email, which leaves hospitals highly exposed to phishing scams. Worse, it takes only one successful phishing attack to compromise an entire healthcare organization's IT systems.
2. Business email compromise (BEC)
BEC is a cyberattack targeting organizations that work with businesses regularly making wire transfer payments. The attacker compromises or impersonates corporate email accounts to trigger unauthorized fund transfers. A BEC attack is typically carried out in one of two ways:
- CEO fraud: A hacker poses as a high-level employee of a company and requests payments from customers and partners.
- Invoice payment requests: A hacker pretends to be a legitimate vendor and sends a fake invoice requesting a payment, usually via wire transfer.
BEC scams have destructive effects on businesses. In fact, between January 2014 and October 2019, the FBI Internet Crime Complaint Center received complaints equating to more than $2.1 billion in losses from BEC scams.
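Both the phishing section above and the two BEC variants come down to the same mailbox-level signals: a sender domain that imitates a trusted one, a Reply-To that quietly redirects replies elsewhere, an executive's display name on mail that did not come from the organization's own domain, and payment or bank-change wording. The following added example (written for this page, not code from Healthy IT or from any of the cited reports) scores a raw message against those signals. The organization domain, the vendor list, the executive name and the three sample messages are constructed assumptions; a real deployment would pull them from the mail gateway and directory.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions for this example (not from the article): the clinic's
# own domain, the domains of vendors it pays, and the names of executives that
# CEO-fraud messages typically impersonate.
OWN_DOMAIN = "example-clinic.test"
TRUSTED_DOMAINS = {"example-clinic.test", "medsupply-vendor.test"}
EXECUTIVE_NAMES = {"jane doe"}
# Wording that, combined with the sender checks, points at payment diversion.
PAYMENT_PHRASES = ("wire transfer", "updated bank", "new account", "urgent payment", "invoice")


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domain(domain):
    """Return the trusted domain that `domain` imitates (within two edits), else None."""
    for trusted in TRUSTED_DOMAINS:
        if domain != trusted and levenshtein(domain, trusted) <= 2:
            return trusted
    return None


def assess_message(raw):
    """Return a list of BEC/phishing indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = reply_addr.rpartition("@")[2].lower()
    findings = []

    imitated = lookalike_domain(from_domain)
    if imitated:
        findings.append(f"sender domain {from_domain} looks like {imitated}")
    # Replies silently redirected to another mailbox: a classic CEO-fraud setup.
    if reply_addr and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    # An executive's display name on mail that did not originate from our own domain.
    if from_name.strip().lower() in EXECUTIVE_NAMES and from_domain != OWN_DOMAIN:
        findings.append(f"display name '{from_name}' matches an executive but sender is external")
    # Single-part plain-text messages only in this example.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    if any(phrase in text for phrase in PAYMENT_PHRASES):
        findings.append("payment or bank-change wording in subject/body")
    return findings


# Constructed sample messages (domains are reserved .test names, not real senders).
CEO_FRAUD_SAMPLE = """From: Jane Doe <jane.doe@exampie-clinic.test>
To: finance@example-clinic.test
Reply-To: Jane Doe <jdoe@webmail.test>
Subject: Urgent payment needed today

Please process a wire transfer to the new account below before noon.
"""

FAKE_INVOICE_SAMPLE = """From: Billing <billing@medsupply-vend0r.test>
To: accounts@example-clinic.test
Subject: Invoice 4471 - updated bank details

Please note our updated bank information for all future payments.
"""

LEGIT_SAMPLE = """From: Jane Doe <jane.doe@example-clinic.test>
To: finance@example-clinic.test
Subject: Staff meeting moved to Thursday

Reminder that the weekly staff meeting now starts at 9am.
"""

if __name__ == "__main__":
    for label, sample in (("CEO fraud", CEO_FRAUD_SAMPLE), ("fake invoice", FAKE_INVOICE_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, "->", assess_message(sample) or ["no indicators"])
```

The point of combining the signals is that none of them alone is decisive: an internal executive legitimately sends payment-related mail, and vendors do change bank details. A lookalike domain or an external Reply-To together with payment wording is what should route the message to a second-person verification step (a phone call to a known number) rather than straight to the person who can release funds.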
3. Ransomware
Ransomware is a malicious program that encrypts a computer’s files and applications and holds data and/or systems inaccessible unless a ransom is paid. Such attacks are especially damaging to healthcare organizations because they can affect the ability to deliver proper patient care and even endanger patients' lives.
In August 2019, physicians from a Washington hospital were forced to document cases on paper after their organization was hit with ransomware. And in late 2020, hospitals became the main target of the Ryuk ransomware, a targeted attack that was responsible for 75% of the ransomware attacks on the US healthcare sector.
Healthcare businesses are more likely to pay the ransom than to absorb the downtime, which is why cybercriminals commonly target them. Unfortunately, paying does not guarantee recovery of the data or access to the system, as some cybercriminals refuse to hand over a decryption key. Some attackers even publish the data they stole if a company refuses to pay the ransom.
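The encryption phase described above has a measurable footprint: many files rewritten in a short burst, each with contents that look statistically random. The following added example (written for this page, not code from Healthy IT or any ransomware vendor's analysis) shows the two checks a file-change monitor would combine, byte entropy and a sliding window over distinct rewritten files. The file events, the plain-text note and the uniform-byte stand-in for ciphertext are constructed sample data; the thresholds are assumptions to tune per environment.

```python
import math
from collections import Counter, deque
from datetime import datetime, timedelta, timezone


def shannon_entropy(data):
    """Bits of entropy per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data, threshold=7.5, min_size=1024):
    """Small files cannot reach high entropy, so anything under min_size is ignored."""
    return len(data) >= min_size and shannon_entropy(data) >= threshold


def detect_mass_encryption(events, window_seconds=60, min_files=10):
    """events: (timestamp, path, new_contents) in time order, e.g. from a file-change watcher.
    Alerts when at least min_files distinct files are rewritten with encrypted-looking
    contents inside one sliding window of window_seconds."""
    window = timedelta(seconds=window_seconds)
    recent = deque()
    for ts, path, data in events:
        if not looks_encrypted(data):
            continue
        recent.append((ts, path))
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        touched = {p for _, p in recent}
        if len(touched) >= min_files:
            return {"alert": True, "first_seen": recent[0][0], "files": sorted(touched)}
    return {"alert": False, "first_seen": None, "files": []}


# Constructed sample data (not real patient records).
BASE = datetime(2021, 3, 1, 9, 0, tzinfo=timezone.utc)
NOTE = b"Patient visit note: blood pressure normal, follow up in six weeks. " * 40
CIPHERTEXT_LIKE = bytes(range(256)) * 16  # stand-in for encrypted output: uniform bytes


def normal_day():
    """A clinician saving 15 plain-text notes over an hour."""
    return [(BASE + timedelta(minutes=4 * i), f"/records/note{i}.txt", NOTE) for i in range(15)]


def ransomware_run():
    """The same 15 files rewritten as high-entropy blobs within 30 seconds."""
    return [(BASE + timedelta(seconds=2 * i), f"/records/note{i}.txt", CIPHERTEXT_LIKE) for i in range(15)]


if __name__ == "__main__":
    print("normal day:", detect_mass_encryption(normal_day())["alert"])
    print("ransomware run:", detect_mass_encryption(ransomware_run()))
```

Entropy alone produces false positives on legitimately compressed data (images, archives, already-encrypted backups), which is why the rate of distinct files is the second condition. Whichever monitor raises the alert, the response that preserves patient care is the one practised beforehand: isolate the host, fail over to the paper or read-only workflow, and restore from backups that ransomware could not reach.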
4. Distributed denial-of-service (DDoS) attacks
In a DDoS attack, cybercriminals use thousands of computers to target an internet-accessible system and flood it with connection requests. Once the traffic becomes too heavy, the targeted system is overwhelmed and becomes unusable.
This poses a serious threat to companies that rely on constant access to their network to operate and deliver proper patient care. Healthcare companies must remain alert to such attacks: DDoS attacks on healthcare systems rose substantially in 2020, when the pandemic forced many businesses, including healthcare organizations, to go digital. Cybercriminals are predicted to keep targeting the industry in 2021.
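The "thousands of computers" in the description above is what makes a DDoS hard to spot with a per-address rate limit: each bot can stay polite while the total still overwhelms the service. The following added example (written for this page, not code from Healthy IT) runs two sliding-window checks over connection logs, one per source address and one over the aggregate, and shows on constructed traffic that only the aggregate check catches the distributed case. The log format, the thresholds and the addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone


def parse_line(line):
    """Constructed log format: '<ISO-8601 timestamp> <source IP> <rest of line>'."""
    ts_str, src, _ = line.split(maxsplit=2)
    return datetime.fromisoformat(ts_str.replace("Z", "+00:00")), src


def detect_floods(lines, window_seconds=10, per_source_limit=20, global_limit=100):
    """Two sliding-window checks over connection logs given in time order:
    - source_flood: one address exceeding per_source_limit requests in the window
    - global_surge: total requests exceeding global_limit, which is what catches a
      botnet whose members each stay under the per-source limit."""
    window = timedelta(seconds=window_seconds)
    per_source = defaultdict(deque)
    everything = deque()
    alerts, flagged = [], set()
    for line in lines:
        ts, src = parse_line(line)
        q = per_source[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > per_source_limit and src not in flagged:
            flagged.add(src)
            alerts.append(("source_flood", src, len(q)))
        everything.append(ts)
        while everything and ts - everything[0] > window:
            everything.popleft()
        if len(everything) > global_limit and "global" not in flagged:
            flagged.add("global")
            alerts.append(("global_surge", None, len(everything)))
    return alerts


BASE = datetime(2021, 3, 1, 10, 0, tzinfo=timezone.utc)


def build_sample_log(attack=False):
    """Constructed traffic: five clinic workstations at one request per second for 30 s,
    optionally plus one noisy host (5 req/s for 5 s) and fifty bots at 1 req/s each for 10 s."""
    events = [(BASE + timedelta(seconds=s), f"198.51.100.{i}") for s in range(30) for i in range(1, 6)]
    if attack:
        events += [(BASE + timedelta(seconds=5 + k / 5), "203.0.113.7") for k in range(25)]
        events += [(BASE + timedelta(seconds=20 + s), f"192.0.2.{b}") for s in range(10) for b in range(1, 51)]
    events.sort()
    return [f"{ts.isoformat().replace('+00:00', 'Z')} {src} CONNECT /patient-portal" for ts, src in events]


if __name__ == "__main__":
    print("quiet day:", detect_floods(build_sample_log()))
    print("under attack:", detect_floods(build_sample_log(attack=True)))
```

In the attack run the noisy single host trips the per-source check, but none of the fifty bots do; only the aggregate surge reveals them. That is why on-premises rate limiting is not a DDoS defence by itself: the aggregate alert needs to trigger an upstream response (provider-side scrubbing or a content delivery network absorbing the traffic) before the clinic's own link saturates.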
Don’t let cybercriminals compromise your company’s security and steal your data. Partner with a trusted managed IT services provider like Healthy IT. Our top-class Cybersecurity Solutions will provide your healthcare practice with multilayered security and 24/7 surveillance to keep your data constantly protected. To learn more about cybersecurity best practices, download our FREE eBook today!