26 Dec 2016
The year isn’t quite over yet, so there could be a few more attacks, but the year of 2015 saw 57 major cyberattacks against healthcare organizations. 2016 is up to 93 as of the middle of December. That’s a year-to-year increase of 63%, and it will likely get worse.
This data was compiled by TrapX labs using data from the Office of Civil Rights at the Department of Health and Human Services. The top three attacks alone compromised 8.2 million patient records.
Hackers were responsible for over 30% of all the year’s major HIPAA breaches, a 300% increase over the last two years. Over 12 million patient records were stolen as a result of cyberattacks, which is actually down from previous years. However, so many patient records have been stolen that the price for buying them on the dark web has gone down.
There are two main causes of the cyberattacks. The first is unsecured medical devices, accessed via malware in emails and USB sticks. Once a hacker has access to a system they are able to install backdoors into tools like diagnostic equipment to steal information broadcast from them. This type of data theft is difficult to detect and even harder to defend against since most devices don’t check for such lateral attacks.
The second huge cyberattack issue facing healthcare organizations is ransomware. Health providers are an easy target because lives can literally depend on the organization’s operations and it’s much quicker to pay a ransom than to recover from one. Hospitals have shut down from ransomware attacks. Given the quick turnaround time and a very high return on investment, ransomware attacks are expected to see a big increase in the coming years.