Healthcare Breaches – the Tip of the Cyber-Iceberg
By Yossi Geller
When it comes to cybercrime and healthcare, we are witnessing the tip of the cyber-iceberg. We are at the genesis of the scene…and it appears that cybercriminals are just getting wormed-up. The WannaCry attack in the UK shed some light on the vulnerability and lack of preparedness of modern healthcare institutions. Around 40 hospitals were affected, with doctors and healthcare professionals unable to access vital computing resources and medical records unless they paid a Bitcoin ransom. As a result, health care facilities needed to cancel operations and appointments, causing potentially life-threatening scenarios.
So what makes healthcare institutions so attractive to cybercriminals? Healthcare organizations are often a lucrative and easy target for cyber criminals predominantly because they rely on ageing infrastructure. Medical facilities frequently rely on dated technology and legacy security systems because they simply can’t afford to update them. As cybercrime becomes increasingly niche and sophisticated, the need for advanced security solutions is necessary. And healthcare facilities lag behind.
Another reason cybercriminals view healthcare organizations as their victim of choice is the profitability and monetization of patient data. Healthcare records, much of which remain valid and exploitable for years, contain valuable information for hackers. Credit card data, email addresses, social security numbers, employment information and healthcare records can be used in many instances of fraud or identity theft. And their value on the cyber black market continues to grow. In 2016, the going rate of patient data ranged from $1.00 to $7.00 depending on the quality of the record.
In past years, healthcare records have become a key economic driver of the Dark Web economy. Last year, a Baltimore substance abuse treatment facility had its database hacked. Patient records found their way onto the Dark Web, data including dates of admission, whether the patients are on methadone, their doctors and counselors, and dosing information were offered up at a bulk price of $300. In another case, a Farmington, Missouri healthcare organization was compromised and its data went on sale for over $100,000.
Healthcare cyberattacks hit at the core of our insecurity. If a healthcare system fails, then there’s a chance that lives could be put at risk. Cybercriminals clearly understand the psychological implications of compromising medical facilities. From stealing patient data, to shutting down operation rooms, cyber villains prey on the uncertainty of the general public and the perception that they or their loved ones may be impacted. And it’s not just perception, it is hard facts: 2016 was a banner year for healthcare breaches – affecting hospitals, dental clinics, and senior care facilities, among others.
The pace has only increased in 2017. Healthcare security professionals are stressed. And they should be. Cyber criminals will continue to stalk healthcare institutions and prey on the emotions of the general public. And for that reason, medical institutions needs to improve their security arsenal with security solutions like Cynet.
The Cynet 360 advanced threat detection and response platform provides every aspect of enterprise security, from day-to-day threat identification and protection, to immediate Incident Response when under attack. With valuable and sensitive patient at stake, a healthcare organization’s cyber security measures need to be thorough, thought-out and, should the need arise, ready to respond in case of breach.
Yossi Geller is Cynet’s VP of Global Marketing