Every organization should take steps to improve encryption, keep backups up to date, and continually remind employees of the ever present danger of hackers getting into computer systems.
Multiple healthcare providers across the United States, including Faxton St. Luke's Healthcare, Gifford Health Care, UPMC Cole and UPMC Wellsboro have reported being affected by a ransomware attack on CaptureRx, a San Antonio-based company providing administrative services to healthcare organizations.
It is reported that files containing the health information of customers and patients, such as names, dates of birth, medical record numbers, and prescription information were accessed and stolen in the breach. CaptureRX announced that it began investigating the incident and notifying the impacted parties.
Having to work with the good old pen and paper after medical staff gets locked out of the system is one thing, but when they can’t access important medical data like information about critical care patients, the situation may become a matter of life and death. Just a month ago, the police in Germany launched an investigation after a woman died as a result of being transferred to another hospital following a ransomware attack.
So, why is healthcare such an appealing target for cybercriminals? And what measures can healthcare providers take to protect patients’ data?
What makes healthcare so attractive to hackers?
Healthcare institutions are a potential gold mine for cybercriminals,as they get to take hold of an overwhelming amount of the most sensitive data. Besides intimate medical data nobody wants to have exposed, hackers can get their hands on other private information, such as patients’ home addresses, social security numbers, and banking information. If stolen, this data can end up in financial or identity theft scams.
Unlike in other sectors, for example, retail, the information stolen in attacks against healthcare cannot be changed upon the detection of the breach. You can always get a new credit card or change your leaked passwords, but you can’t change your DNA.
Healthcare organizations make for an ideal prey for hackers, as many use outdated security software and continue to underinvest in cybersecurity. The healthcare industry invests only 4% to 7% of revenue in digital security initiatives. In comparison, the financial sector spends 15% of its revenue on cybersecurity. This is keeping in mind that, to the private healthcare sector, leaks of personal data might mean huge fines and even criminal charges for HIPPA violations due to negligence.
All of the reasons above provide hackers with a good chance of having their ransom demands fulfilled. To avoid a bad reputation and even legal repercussions, healthcare institutions must make cybersecurity their top priority.
What practical measures can healthcare organizations take to protect themselves?
Here are some steps healthcare companies should take to increase cybersecurity and protect patient information:
Oliver Noble is a security and encryption expert for NordLocker, a cybersecurity company.
Bridging the Diversity Gap in Rare Disease Clinical Trials with Harsha Rajasimha of IndoUSrare
November 8th 2023Briana Contreras, an editor with Managed Healthcare Executive, spoke with Harsha Rajasimha, MD, founder and executive chairman of IndoUSrare, in this month's episode of Tuning in to the C-Suite podcast. The conversation was about how the disparity in diversity and ethnicity in rare disease clinical trials in the U.S. has led to gaps in understanding diseases and conditions, jeopardizing universal health, and increasing the economic burden of healthcare.
Listen
Study Raises Concerns Over Insurance Barriers to HIV Prevention Medications
November 29th 2023Despite its efficacy, PrEP remains underutilized compared to the need for it. High costs are among the barriers to PrEP use, along with limited knowledge among clinicians, lack of health insurance, stigma, and underestimation of personal HIV risk.
Read More
Managing Editor of Managed Healthcare Executive, Peter Wehrwein, had a discussion with William Shrank, M.D., a venture partner with Andreessen Horowitz, a venture capital firm in Menlo Park, California, about how artificial intelligence's role is improving healthcare, where we are today with value-based care and the ongoing efforts of reducing waste in the healthcare space for this episode of the "What's on Your Mind" podcast series.
Listen