In 2018, two patients rushed into the emergency room of Maricopa Medical Center, Phoenix. Dr. Paul Pugsley examined these two patients. One of the patients was an elderly lady who was suspected to be suffering from stroke. The other patient was suffering from a severe pain in chest. Dr. Pugsley suspected it a case of heart attack.
To confirm whether the old lady was suffering from stroke because of a clot in the brain or because of a bleeding in it; Dr. Pugsley ordered for a CT scan. On the other hand, Dr. Pugsley asked the catheterization lab to provide the images of the man’s arteries. The technicians told the doctor that they could not do either since their computers were useless until they paid ransom in the form of Bitcoins.
This was only a single example of cyber-attack that targeted a hospital. It is therefore easy to estimate the impacts of cyber-attacks targeting entire healthcare industry.
Healthcare sector is an inevitable part of the society that has not only helped in increasing the lifespan but also, has improved the quality of life. Healthcare is one of the fastest developing sectors since the measure of development it has seen is incomparable to other sectors. Unlike other sectors, almost everyone is connected to this sector.
The advancement in technology has resulted in advancement in the healthcare sector as well. Medical devices are being based on the state-of-the-art technology. From simple wearable devices like smart inhalers, insulin pen, continuous glucose monitoring device, connected contact lenses to equipment such as MRI machines, smart drills, smart beds et. Researchers are using virtual reality to integrate robotic in medical surgeries. Even a few surgeries are being performed by robots in some parts of the world.
Statistics of cyber-attacks in healthcare industry
In 2015, the most attacked industry was healthcare as per the Cyber Security Intelligence Index by IBM. More than 100 million healthcare records were compromised during 2015 and more than 8,000 devices in 100+ countries.
According to a report, healthcare sector has been the number one target with losses accounting to $1 billion. There are number of reasons behind its popularity among the attackers.
According to a report by Ponemon institute, within the timespan of two years, 89% of the healthcare organizations have suffered from data breaches in the U.S that resulted in the loss of an estimated $6.2 dollars to the sector.
As per HIPAA journal, breach in patient records during the year 2018 have doubled to more than 13 million records. More than 2500 cases of data breaches have occurred between 2009 and 2017 leading to theft of more than 175 million records. In the year 2009, only 18 cases of data breaches were recorded. In 2010, this number increased by more than 10 times to 199 cases of data breaches. The year 2018 marked a new high with 365 cases of data breaches reported.
Journal of Cyber security predicts that there is a 75.6% chance of potential breach in 5 million records during the next year.
In the year 2018, more than 3.14 million patient records have been accessed because of more than 140 data breaches in the healthcare industry.
Why do cyber attackers target healthcare industry?
In many cases of healthcare breaches, it has been observed that attackers breach into database, access patients’ records, steal them and sell them. According to a report, patient records are being sold for a meagre $50 on the dark web. In countries like U.S. attackers can access expensive medical services, products as well as expensive medicines with the help of stolen medical records. Healthcare sector has proven to be extremely fruitful for the attackers with a single record costing at an average $408.
Take the case of Anthem breach for example. Treated as the biggest data breach attack in the healthcare industry. On 4th of February 2015, attackers hacked into the server of Anthem Inc. and stole the records of 78.8 million people.
Around 1.5 million patient records including the record of country’s prime minister, were accessed from Singapore government’s health database during the year 2018.
The year observed one of the most shocking attacks where the medical data of half of the Norway’s population was leaked. According to BleepingComputer, this attack occurred on 8th of January.
In June 2018, UnityPoint Health around 1.4 million patient records were compromised through a phishing attack that broke into the email system of the Iowa-based hospital and clinic system.
In the same year, 2.65 million patient records of Atrium Health were breached as a cyber attack was deployed on its billing vendor AccuDoc Solutions, Inc.
Healthcare sector survives on research, invention and implementation. There was a time when a simple case of ‘fever’ would have cost a life. Nowadays, medical science has become advance enough to treat almost every form of cancer. Let alone a case of ‘fever’. The credit goes to the continuous research that is taking place in the healthcare sector. Many healthcare companies have become multi-million businesses because of an invention that has changed the medical science. Many of the cyber-attacks have led to attackers hacking into the system, stealing valuable research data and stealing it to the competition.
To mint money
As per the 2018 Verizon’s Data Breach Investigations Report, ransomware attacks account to 85% of all the cyber-attacks on the healthcare sector. In 2016 alone, 88 percent of all the ransomware attacks were targeted on the healthcare sector in U.S. Indiana based healthcare system, Hancock health was hit by a ransomware attack that locked up the computers. The attack costed the company around $55,000 in bitcoins.
According to a 2018 report from Radware, the cost of cyber-attacks increased up to 52% accounting to more than $1 million.
This integration of technology, its connectivity and reach within healthcare sector has made this sector extremely susceptible to cyber-attacks.
How can organizations in healthcare industry safeguard their infrastructure against cyber attacks?
These statistics are extremely concerning since vulnerable and sensitive information such as PHI is in the hands of malicious entities that can misuse this information. On an average, 60 to 80 percent of the data breaches go unreported. As per the Thales report, only 32% of the organizations use encryption to protect their cloud data. Organizations are investing their money in security tools that are not updated and are unable to protect the data effectively. Healthcare industry invests less than 6% of its budget in cybersecurity. On an average, this is less than half of what other industries are spending on cybersecurity.
Do a background check
Take the case of Atrium Health. The patient records of the organization were breached because of the data breach that occurred in its billing vendor’s infrastructure. It is therefore extremely important to do a background check of the vendors that your organization is working with.
Putting money where it belongs
Organizations are required to invest their money in the cyber security of their organization. They need to adopt cyber-security measures that are capable to protect sensitive data and information from cyber-attackers. Managed security services such as Penetration Testing, help organizations in patching loopholes that might give attackers an access to the system.
According to a research it has been found out that hospitals have started spending 64% more than before on advertising in order to revamp their image. This results in an annual expenditure of around $688,000.
It has been discovered that 90% of the cyber-attacks take place due to employee negligence. Cyber -attacks like Phishing and Ransomware are deployed through emails. A single click can destroy the entire organization. It is therefore, extremely important to conduct training programs for employees that can help them understand the methodology of such attacks.
Restricting the access
Organizations should limit employee access across different levels of the network. This will limit the risk exposure towards probable cyber-attacks.
Securing the ‘smart’ devices
Today, more and more medical equipment are based on ‘IoT’ technology. It is therefore, extremely important to secure these devices. IoT devices security testing helps in minimizing the vulnerabilities that might damage the entire infrastructure of the organization.
According to a report, 86% of the medical practitioners believe that mobile applications will play a significant role in health management of patients. Coming days will see the incorporation of technology with the healthcare industry on an entirely different level. Every now and then we seen new technology, devices and techniques becoming a part of the healthcare industry. This will result in an increase in the areas of vulnerabilities that can be easily exploited by attackers.
It is therefore very important to understand the importance of cyber security. Organizations are required to employ measures that will ensure the security of their confidential and sensitive information from the malicious entities.
The world is changing every second. ‘Older’ decays and ‘new’ blooms. That’s how nature works. It is important to shed the older methods that have proven to be ineffective in the long run.