Why Healthcare is Still a Growing Target for Cybercriminals

This year, data breaches have spanned the industry gamut. From social media platforms such as Facebook and WhatsApp's Aadhaar credentials, to retailers including Panera and Under Armour, many of the biggest headlines are well outside the healthcare realm. Fortified Health Security just released their 2018 Horizon Report detailing how the threat landscape has been adapting in healthcare, and unfortunately, healthcare organizations are hardly out of the woods.

Data Breaches in the Healthcare Industry

What's the Prognosis?

As the report underscored, the most striking difficulty that healthcare organizations face is the struggle to align patient engagement initiatives with data security. This tension becomes evident when you consider that the number of healthcare organizations impacted by a data breach has risen 25% in the past 12 months. The report found that, as of mid-November 2017, 303 healthcare entities had experienced a major breach, resulting in at least 4.7 million compromised patient records. Other alarming findings:

  • 40% of all breaches were the result of hacking, accounting for a 10% increase over 2016

  • Healthcare providers remain the most targeted organization type

[GRAPH] Entities involved in a data breach

In addition to the fallout from compromised personal records, studies show that 40% of consumers would either cease to use, or avoid, a healthcare organization that had been hacked. And these threats don't show signs of stopping. Fortified Health Security outlined predictions for the coming year, anticipating:

  • Increased threats posed by Internet of Things (IoT) devices

  • New variants of WannaCry ransomware

  • A double-digit increase in data breaches

  • An increase in breaches due to third-party neglect

Signs and Symptoms

Fortified Health Security found that most organizations suffered from one of the following: a complete lack of approved and published procedures, policy sets that had not been updated in years, or approved policy sets that were overlooked or ignored. These organizations also lacked thorough security engineering when integrating hardware and software solutions. Basic security measures, including strong password standards, management, and system patching, were also inconsistent or absent.

[GRAPH] Percentage of Hacking and IT Incidents in Healthcare

A subsequent report from SecurityScorecard further explored the correlation between end-users and organization safety. For medical professionals, the proliferation of IoT devices, smartphones, and tablets makes it increasingly difficult for centralized IT departments to secure their networks. These employee devices store sensitive patient data while acting as gateways to the network and databases. Third-party providers also add a layer of vulnerability, particularly those vendors who fail to limit user exposure and maintain compliance. SecurityScorecard found:

  • Healthcare ranks third-worst for endpoint security

  • Poor patching is the most prevalent threat in the healthcare industry

  • Other issues include: typo-squatting, vulnerable end-users, weak encryption, and device end-of-life date

Customized Treatment

Cybercriminals put your company's patients, data, and future at risk. But that doesn't need to be the case. With proactive security plans, your organization can:

  1. Implement effective vulnerability monitoring and management

  2. Protect data through encryption, identity management, and routine system patching

  3. Detect and stop potential breaches through Data Loss Prevention (DLP), Security Information and Event Management (SIEM), and Intrusion Detection Systems (IDS)

  4. Design a thorough, well-thought-out incident response plan to mitigate the consequences of a security event or breach

For more information about safeguarding your healthcare organization, contact an iCorps technician today.
