The healthcare industry continues to be a prime target for hackers, given its store of confidential medical records, Social Security numbers, and insurance data. This type of patient information carries a premium on underground Dark Web markets – it can be used for lucrative fraud efforts, or to mount convincing email attacks designed to deliver viruses and malware.
Hospitals, doctors’ offices, and other healthcare facilities have a responsibility (both legal and ethical) to reduce the risk of data exposure for their patients. But the reality is that outdated systems, vulnerabilities in medical devices, and a lack of in-house IT resources are big obstacles for many healthcare businesses.
It’s this perfect storm – underprepared organizations and people willing to pay top dollar for stolen data – that has led to an increasing number of data breaches in the healthcare vertical. You may have heard of a recent UConn Health phishing attack that impacted 326,000 patients; or how Navicent Health, the second-largest hospital in Georgia, had to notify patients that their personal data was potentially breached after their email system was compromised. Some breaches are also inadvertent; for example, medical device maker Zoll Medical reported in March that the personal information of more than 277,000 patients was exposed during a recent server migration.
In all, adding up the public figures, breaches are compromising the personal health information (PHI) of over 2 million people per month.
Investing in cybersecurity is something that all healthcare companies should do – but that’s often easier said than done, especially if other mission-critical spending trumps that investment. Nevertheless, it’s critical to take cybersecurity seriously. If your organization is making the choice to put off investment in defending your patients’ data, here are 10 stats that are worth considering.
- The healthcare sector is the most-targeted industry, accounting for 41 percent of all cybersecurity breaches reported in 2018, according to Beazley Breach Insights.
- The healthcare segment actually experiences twice the number of cyberattacks as other industries (source: Fortinet). In 2017, there were an average of 32,000 intrusion attacks per day per organization, compared to about 14,300 per organization in other industries.
- Healthcare also has a significantly higher rate of insider breaches than any other sector, Beazley found. This is particularly dangerous as it’s harder to track down attacks from within.
- The same firm found that about a third of healthcare’s reported breaches were related to hacking or malware attacks, with another 31 percent caused by accidental exposure such as database misconfigurations. That means that a third of the breaches are entirely avoidable.
- About 39 percent of healthcare organizations are hit daily or weekly by hackers, according to the Radware 2018-2019 Global Application and Network Security report. And, only 6 percent of respondents said they’d never experienced a cyberattack.
- Ransomware – where a criminal infects a network with malware that encrypts files and prevents users from accessing them until a fee is paid – primarily targets healthcare. In fact, hospitals account for up to 70 percent of all ransomware attacks, according to analysis from an MIT professor and researcher.
- Cleaning up from an incident is not cheap: Executives from the National Association of County and City Health Officials say that healthcare breaches can cost up to $400 per patient; and yet, only 33 percent of the industry has taken the preventative measure of protecting themselves properly.
- When everything is taken into account, healthcare cyberattacks cost $1.4 million on average in recovery. This cost is directly tied to a loss of productivity, reputation damage, and service disruption, among other business impacts.
- There are other costs too: Hospitals spend 64 percent more annually on advertising for two years following a breach, in an effort to repair the hospital’s image and minimize the loss of patients to competitors.
- And finally, the danger is only growing. According to a 2019 Bitglass study, the average number of individuals affected per healthcare breach was 39,739 in 2018 – more than twice the average of 2017.
Healthcare will continue to be a lucrative target for hackers throughout 2019, with weaponized ransomware, misconfigured cloud storage buckets, and increasingly sophisticated phishing emails. Security threats will continue to increase in sophistication as we become more and more dependent on technology.
“Digitization continues to increase, supply chains are becoming more complex and attacker sophistication is improving,” according to a Moody’s Investors Service report.
Yesterday was too late, but today is better than tomorrow to improve your security posture. Act today: Schedule a free consultation with TPx to find out how to meet the challenges of securing patient data using reliable, cost-effective managed services. Visit www.tpx.com/managedIT or contact your TPx representative to learn more.
About the Author
Lucie Hys is a Senior Product Marketing Manager at TPx. She is currently leading the marketing efforts for the company’s MSx suite of managed services. She has been working in marketing for more than 9 years, with the last four focusing on the cybersecurity industry. Lucie graduated with an MBA from Florida Gulf Coast University. In her spare time, she is an avid fitness enthusiast and a passionate traveler.