Repeat Offender

It’s a Fact

When you search for cyberattacks by vertical, always in the top categories is healthcare.  It can be filtered from there by the size of the business, whether it is enterprise or small to medium-sized establishments, but the information targeted is patient data.

Why?

Because who knows more personal information about you than your doctor?  Likely, no one.  And if that data can be accessed, it can be like opening a treasure chest of data to a hacker.  So many ways to manipulate that data, it can be an endless source of income via ransomware or sales on the dark web.

Back for More

With outdated and unsupported systems allowing easy access for hackers, the amount of PHI uncovered in a simple breach makes it a jackpot find.  Not only are technical security gaps an easy entrance for cybercriminals into healthcare organizations, but poor employee cyber-hygiene makes it incredibly easy for hackers to find their way in. Once these databases go for sale on the dark web, they are then used AGAIN by other cybercriminals for a second round of attacking whether it be by selling the patient data or using administrative credentials to login and hit the network with another breach.

This activity is not limited to US-based hackers either.  Foreign-based hackers have been found to target US healthcare networks in an attempt to blackmail them, as well as gain access to research data.  Not only does this pose a threat to the patient data, but to the United States medical industry in a different way.  If advances in treatment, prescription solutions, or any type of research is stolen and credited to another business entity or country, US-based businesses will suffer that loss financially or from lack of recognition.

What’s the Remedy?

Raising awareness, updating equipment, networks, software, etc. and addressing the risk of biomedical devices before they are in place – all are necessary.  We also need to continually address the human factor within healthcare organizations as it is proven time and time again that this poses one of the highest risks to any breach occurring.