Why Cyber criminals Attack Healthcare – IBM

By on April 27, 2016

Why Cyber criminals attack healthcare more than any other industry

In a report IBM wrote that in 2015 Healthcare was attacked more than any other industry and had over 100 million health records were comprised.

IBM X-Force® Research 2016 Cyber Security Intelligence Index outlines findings in more details.  The report can be downloaded by [clicking here].  You’ll be required to provide your name and business information before you download it.

Healthcare leaped ahead of the manufacturing, financial services, government and transportation industries.

Data breaches in the healthcare sector are also getting larger – with five of the eight largest health data breaches reported since 2010 (those with more than 1 million records compromised) occurring in the first six months of 2015, IBM’s report said.

Why cybercriminals attack healthcare more than any other industry – Naked Security

While the average cost of a data breach across all industries was $3.8 million in 2014 – up 23% from 2013 – the the cost per record in the healthcare sector was $363 per record breached, more than twice the overall average of $154 per record.

Why cybercriminals attack healthcare more than any other industry – Naked Security

In February, the Hollywood Presbyterian Medical Center in California was hit by ransomware, which forced the hospital to shut down all of its computers and depended on fax machines and paper records for a week.

Rather than lose all its patient medical records, the hospital decided to bite the bullet and paid the ransomware crooks 40 bitcoins, or about $17,000, to restore the hijacked files.

Although ransomware cybercrooks tend only to be interested in data for the ransom value, healthcare data is becoming more lucrative for cyberthieves who sell the data on the black market.

As IBM explained, health records contain a wealth of information that can be used for medical identity theft and fraud:

[Health records] typically contain credit card data, email addresses, social security numbers, employment information and medical history records – much of which will remain valid for years, if not decades. Cyberthieves are using that data to launch spear-phishing attacks, commit fraud and steal medical identities.

The healthcare sector is also an appealing target for cybercriminals because the industry’s approach to cybersecurity is behind the times.

Earlier this year, Sophos conducted a survey of IT decision makers across multiple industries in six countries, finding an alarming laxity in many organizations’ approach to data security.

Our survey found that the healthcare sector had one of the lowest rates of data encryption, with only 31% of healthcare organizations reporting extensive use of encryption, while 20% said they don’t use encryption at all.

Sophos encryption survey

Other studies have shown that the healthcare industry lacks a culture of security.

A Sophos survey of National Health Service (NHS) organizations in the UK found that encryption was “well established” in just 10% of them; while a 2016 study of hospital cybersecurity found that patient health records are “extremely vulnerable” because of a lack of focus on cyberattacks and insufficient training.

Beyond data breaches perpetrated by hackers, health data is frequently exposed through accidental loss, device theft and employee negligence.

And it’s not just hospitals, doctors’ offices, and insurance companies that are failing to protect healthcare data – private employers frequently leave their employees’ private healthcare information unencrypted.

Click here to read the original article.

About dkorolyk

I've been involved in Healthcare IT and PACS since Y2k. Over the years I've been fortunate enough to be involved in a lot of interesting an diverse projects. My experience also includes numerous HL7/EMR integration projects as well as many hardware and software platforms. My three main areas of expertise include technical integration aspects of radiology, oncology and laboratory diagnostics.

You must be logged in to post a comment Login

Join 1000s of other Healthcare IT Professionals

Enter your email below to get the latest News on Healthcare IT, Training Events and Career Information

We hate SPAM too. Your email is safe with us.