10 May 2017
According to a report by Herjavec Group, the trend for Black Hat Hackers to target not only hospitals but the healthcare industry in general began to skyrocket in 2016. Unfortunately, that disturbing trend does not appear to be slowing in 2017, nor for the foreseeable future.
The problem is that the industry is just too vulnerable.
It appears that healthcare providers are finally beginning to take these threats as seriously as they need to be, with spending projected to surpass $65 billion by 2021, but is it too little too late?
Another major issue is that Bitcoin, the preferred means of cyber criminals to collect their cyber ransoms, has stated that they will continue to allow their users to remain anonymous, which includes hackers.
Matt Anthony, who is the vice president of incident response at the Herjavec Group, states that “Bitcoin is the engine for cybercriminality, and as long as there is an anonymous way for criminals to get paid, it’s not going to get better anytime soon,” he said. “It’s a winning combination for organized crime – not necessarily Italians in smart suits and fedoras, either. There are large organized communities in China and Russia.”
It is also known by these cybercriminals that healthcare providers will pay the ransoms – because they have to; the health of their patients depends on it. Added on to that is the fact that the industry is currently in a massive transitionary period in which a vast majority of health-related companies are becoming more interconnected. This is good news for patients in one way, but the problem is that older systems were not built with cybersecurity in mind and hospitals house extremely sensitive and private patient information. All of these factors culminate to make this industry extraordinarily attractive to criminals and ripe for hacking.
And while these companies are throwing resources towards staying relevant in this new digital age, it leaves fewer resources available to fund and focus on much-needed cybersecurity updates. It is believed that ransomware damages will soon reach $1 billion.
So while they healthcare companies are becoming aware that they need to update their security, they may not always be able to do so. Many of these organizations have taken the steps needed to implement a backup strategy, but they often fail to test and/or restore the data regularly.
“If they’ve never faced a bad attack, hospitals might be complacent about testing restore technology,” Anthony said in his report.
To remain safe, hospitals need to not only back up their data, but they must also utilize the tools and services that are available to them through the cloud services, and they need to practice with these tools so that they can be swift in implementing them if needed.
Just like life insurance, data backup plans are tools that will hopefully never have to be used by your company, but if the situation does necessitate it, your company will be glad that it has them. It can save the business millions of dollars, and in the case of the healthcare industry, it can also save the lives of the patients.