5 Ways Attackers Are Targeting the Healthcare Industry

The healthcare industry is one of the largest industries in the United States and potentially the most vulnerable. The healthcare sector is twice as likely to be the target of a cyberattack as other sectors, resulting in countless breaches and millions of compromised patients per year. Advancements in the techniques and technology of hackers and identity thieves could escalate these vulnerabilities into a major crisis if the healthcare industry doesn’t adapt.Cybersecurity in HealthcareIn 2015, over 113 million patients in the healthcare industry were the victims of an information breach, resulting in lost patient revenue and identity theft. The high volume of cyberattacks on healthcare organizations may be an indicator; the average organization receives 32,000 cyberattacks on a daily basis, a much higher rate than other industries experience. A lack of cybersecurity infrastructure and the high value of personal information makes these organizations likely targets for cybercriminals.The healthcare industry’s increasing reliance on electronic medical records and internet-connected medical devices means the problem of data breaches could increase in the coming years. In 2017, the estimated total losses from cyberattacks amounted to $1.2 billion, and this number is expected to grow as the attack surface of the healthcare industry increases. The same way consumers and patients have their own resources to protect against identity theft, healthcare organizations need their own systems in place to protect against cyber threats. The following list covers the biggest threats to the industry going forward.Data BreachesThe healthcare industry has the highest rates of data breaches out of any sector. Of the 551 data breaches in 2017, 60% were in the healthcare industry. In some cases, hackers have broken into healthcare databases undetected and maintained access for weeks before they were discovered.The most common types of data breaches are hacking and malware-based attacks. Hackers can sell healthcare data and medical records for over 100 times more than personal data from non-healthcare industries. But not all data breaches are cybersecurity-related; a data leak can also occur through an employee or a lost laptop.To thwart data breaches, healthcare organizations should ensure that data is encrypted at every point between the patient and an organization’s data storage. Trainings for healthcare staff on data security can also help reduce the number of accidental disclosures.RansomwareRansomware attacks tripled in 2017, and the healthcare industry receives more of these attacks than any other industry. A ransomware virus disables a computer or server until a ransom is paid to the hacker. Hospitals use their IT systems for critical patient care, making ransomware potentially life-threatening if it causes a delay in critical care processes.In 2016, a ransomware attack rendered the hospital network of Hollywood Presbyterian Medical Center inoperable until the administration paid out $17,000 to the attackers. An analysis of the attack showed that the hackers had gained access to an outdated server without using hospital staff as an entry point. Attacks like this demonstrate the importance of a two-part approach to cybersecurity that involves staff training and rigorous network security protocols.Social EngineeringHackers looking to exploit a healthcare network’s security system often target hospital staff and other human victims in order to gain access. This type of attack happens through social engineering as a means of subverting even the most rigorous security systems. Phishing attacks, the most common social engineering approach, use a manipulative email to trick a victim into clicking a link or entering their password information. These emails will often download malicious software directly to the system, granting the attacker unlimited access.Unlike other security threats, social engineering approaches can be combated only through education. Trainings for staff and administrators on identifying a phishing email and avoiding malicious links. Many organizations employ a strategy known as “red teaming,” where trained cybersecurity professionals play the role of attackers and test the organization’s preparedness.Distributed Denial of Service AttacksDistributed denial of service (DDoS) attacks are purely disruptive and are a popular tactic for hacktivists who want to shut down a network out of protest, malice or anarchism. These attacks create a coordinated assault from several hundred to several thousand computers, which overwhelm a network or server to the point of inoperability.In 2014, Boston Children’s Hospital was embroiled in a controversial custody case involving a 14-year-old patient. The sensitive nature of the case spurred the hacktivist group Anonymous to conduct a successful DDoS attack, which resulted in over $300,000 in damage and lost productivity over a one-week period. Healthcare is often connected closely with politics, and it’s likely that DDoS attacks could occur more frequently in the future. Protecting against these attacks requires close coordination with service providers to ensure that critical networks can remain operational under a DDoS onslaught.Insider ThreatsA healthcare organization’s cybersecurity system is only as strong as its weakest link. Even the most rigorous cybersecurity network can be bypassed by an insider, making this type of attack one of the most difficult to prevent. Many disgruntled or criminally motivated employees have compromised healthcare organizations by installing entry points to a hospital’s network from the inside.Insider threats aren’t necessarily malicious. The increasing number of personal devices in hospitals poses an additional insider threat to these organizations. Smartphones, tablets, and laptops are allowed at 81% of healthcare organizations, but only half of these organizations have plans in place to secure these devices. Personal devices are often unencrypted and may be carrying malicious viruses or “worms” that can compromise connected networks.Cybersecurity is a constantly evolving field. Healthcare organizations must be ready to invest in ongoing security protocols to remain ahead of the most common attacks. Complete security might be impossible, but a reduction in service interruptions and lost data could help healthcare organizations exponentially going forward. 

Alex Haslam

About the Author: Alex Haslam is a tech writer specializing in technology’s human connection — how it affects our lives, careers, and relationships, and how we can use it to keep ourselves and our data safe. She contributes regularly to several top-tier tech publications and is working to help increase tech literacy through writing about today’s technology in an accessible way.Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.