Posted on Monday, November 13, 2017 in Cybersecurity. Blog written by Rob Swenson
The national movement from paper files to electronic medical records has greatly improved the efficiency of treating patients. Important medical information can be transferred more easily from one facility to another, for example, and that can improve the level and timeliness of care that doctors and other professionals provide.
The downside of the technological advances in the medical industry is that the increased portability and accessibility of electronic records give criminals worldwide valuable targets to pursue. In fact, cybersecurity experts say medical records have become hackers’ No. 1 target.
Experian, for example, reported in its Annual Data Breach Industry Forecast that in 2017, healthcare would be the most targeted business sector in the world. Experian is an information-services company that does business globally.
“Personal medical information remains one of the most valuable types of data for attackers to steal, and cyber criminals will continue to find a market for reselling this type of sensitive information on the dark web,” according to Experian’s report.
“Healthcare organizations of all sizes and types need to ensure they have proper, up to date security measures in place, including contingency planning for how to respond to a ransomware attack and adequate employee training about the importance of security,” the report concluded in a section about the healthcare industry.
Ransomware probably presents the biggest threat to healthcare organizations. Cyber thieves can gain a lot of financial leverage by encrypting or threatening to erase medical records.
Identity theft is also a big problem. Thieves can use stolen healthcare information, for example, to fraudulently get prescription drugs or medical equipment to resell.
Healthcare IT News reports that healthcare was a lucrative target for hackers in 2016 and that, unfortunately, 2017 has brought more of the same. The organization’s website has summaries of healthcare organization breaches to help others avoid mistakes.
Among those featured is one reported earlier this year at Plastic Surgery Associates of South Dakota. It has offices in Sioux Falls, Dakota Dunes, Yankton, Mitchell, and Watertown in South Dakota and in Spencer, Iowa. Some patient data might have been exposed in the ransomware attack. But officials lost access to some evidence during the cleanup process, so the extent of potential problems could not be precisely measured.
The business offered patients safeguards, including a year of credit monitoring through Equifax. In a cruel irony, Equifax was subsequently hacked, too.
The Plastic Surgery Associates’ case highlights the need for organizations to regularly back up information from their networks and routinely test the backup process.
Another breach summarized on the organization’s website underscores the risks that social engineering presents. Augusta University Medical Center in Georgia was the victim of two phishing attacks during the past two years. In the most recent attack, hackers apparently gained access to the email accounts of two employees. Investigators didn’t say whether patient data was accessed.
In another case, a locked safe in a storage unit was stolen from Washington State University. The safe contained a hard drive with backup files from a research center. The case highlights the need not only to back up data offline, but also to encrypt it.
HIPAA, short for the Health Insurance Portability and Accountability Act of 1996, requires healthcare organizations to report breaches within 60 days of discovery. The regulation helps keep the businesses and consumers informed of the risks they face.
In addition to backlash from customers, healthcare organizations that don’t adequately protect sensitive information might face legal consequences. A growing pile of evidence suggests that, overall, the industry is a coveted target for hackers and needs to do more to protect electronic information in its care.
SDN Communications has a variety of resources available to all businesses to improve their cybersecurity profile. Start with the basics and a free booklet, Cybersecurity Starts With The Basics.