Sage Advice - Cybersecurity Blog

Why are Cyberattacks in the Healthcare Sector on the Rise?

cyber-attacks-in-healthcare-on-the-riseHealthcare organizations are a favorite target for cybercriminals. In the first quarter of 2018, about 1.13 million patient records were compromised in 110 healthcare data breaches (Protenus Breach Barometer). That’s about one data breach per day.

And US Consumers are paying the price. According to Accenture’s 2017 Survey, one in four consumers had their healthcare data stolen, and half of all breaches resulted in identity theft. Victims paid an average of $2,500 out-of-pocket costs per incident.

Let’s take a look at why the healthcare sector remains a top target for cybercrimals, and why the threat won’t likely dissipate in the near future.

#1. Medical information is highly valuable.

Because medical information is so rich in content – it often includes social security numbers, dates of birth, insurance information, medical history, etc. – it can be worth up to three times more than financial information on the dark web. Medical identity theft takes the crime one step further because with medical information, the thief can see a doctor, get drugs prescribed, file insurance claims, and even have surgeries or other procedures performed. And all of that becomes part of the victim’s medical history!  

In addition to identity theft, information obtained from healthcare facilities can provide criminals with different avenues to exploit someone. Trading on the vulnerability of people who have already been victimized, they can leverage the compromised data to go after those patients. For example, the hacker could masquerade as an insurance agent and attempt to collect money from the patient. Or pose as a company offering identity theft protection on behalf of the healthcare organization the data was originally stolen from… for a fee of course. 

#2. Healthcare organizations are an easy target.

Healthcare organizations typically have a very large attack surface. They are complex and often include a multitude of medical devices with weak or no protection at all. Plus they manage an extremely wide range of patient data from a variety of different sources. Additionally a lot of people have authorized access to the network because in healthcare it’s very common to have a variety of temporary workers, students, and vendors. All these factors increase the number of vulnerabilities. And the more vulnerabilities there are, the easier it is for a hacker to find their way in.

#3. Healthcare organizations are immature in terms of cybersecurity.

Regardless of size, healthcare organizations often have many legacy and in-house developed applications that are required to do certain things. There are operating systems that are no longer supported, and applications that are outdated. This isn’t easy to change because patient care is always going to come first. There is an immediacy in healthcare environments, where if a system is down or unavailable because of security concerns, people may get sicker, or die. 

In addition to outdated systems, applications, and technologies, many healthcare organizations don’t have the budget to invest in a skilled cybersecurity staff or the tools necessary to mitigate a data breach. This makes cybersecurity a huge challenge.

Finally, healthcare organizations haven’t had the same regulatory pressure for securing information as other sectors, like financial services. The fact that cybersecurity isn’t a priority isn’t surprising because there is a life and death component to the work that they are doing.  And saving a human life will always take precedence.

This is all good news for hackers.

But not all hope is lost! Learn how you can protect yourself in our blog post, Medical Identity Theft: Tips for Detection, Correction, and Protection.

Cybersecurity Risk Assessment & Analysis

Topics: Healthcare, Threat Intelligence


The Sage Cybersecurity Lifecycle

The Sage Data Security Cybersecurity Lifecycle

Cybersecurity isn’t a destination.

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that compliment and reinforce one another.

Learn More