By 2025, global cybercrime will total $10.5 trillion, surpassing all other economies outside of the United States and China in size and profitability. Cybercrime in particular is having a significant negative influence on the American healthcare system.
According to Earthweb, phishing emails are being sent out by cybercriminals daily from all around the world, with U.S. healthcare firms being one of their main targets. Healthcare respondents to a Sophos investigation in 2021 reported paying ransoms at a rate higher than any other industry: 61%. And in only one year, ransomware assaults on healthcare organisations rose alarmingly by 94%.
The epidemic aggravated the issue. Insecure networks and overworked healthcare workers are being used by hackers to access their systems. Data from Paubox shows that since the epidemic started, there have been an increasing amount of attacks on healthcare practitioners as well as a 600% spike in fraudulent emails.
Why is healthcare such a target for cyberattacks?
Attacks on healthcare companies have increased as a result of their strong willingness to pay a ransom, the value of patient records, and frequently lax protection. Bad actors take advantage of the sector’s zero-sum decision between paying a ransom and endangering patients’ lives. Healthcare providers frequently accede to requests to put patients first since they are unable to adequately serve patients without access to records and monitoring digital medical technologies connected to health networks. However, it is crucial to remember that not all businesses that pay a ransom receive their data recovered.
Because patient information is one of the most coveted commodities for criminals today, phishing attempts are particularly harmful for healthcare institutions. Protected health information (PHI), one of the most sought-after commodities on the dark web, is extremely valuable to cybercriminals. Experian values stolen health records at $1,000 each, while credit card numbers trade for about $5 each, an Instagram account that has been hacked is worth $7, and Social Security numbers are only worth a pittance of $1.
Additionally, criminals with experience in drug trafficking and money laundering are ready to purchase medical records so they can obtain prescription drugs, submit false medical claims, or steal the data to open credit cards and take out illegal loans. While accounts and credit cards are rapidly cancelled, medical records are a rich source of priceless and permanent data information.
Exorbitant ransoms are another result of healthcare cyberattacks. For instance, since 2018, Ryuk ransomware has allegedly been used to demand millions from American healthcare organisations. According to IBM Security’s annual Cost of a Data Breach Report, the average cost of a healthcare data breach has also increased to $10 million.
How to defend against cybersecurity risks in healthcare institutions
Security must be a top concern for every healthcare organisation. Organizations are advised to adopt a zero trust strategy because email is one of the most popular entry channels for data breaches.
Additionally, healthcare practitioners are required by law to safeguard patients and their PHI, particularly while sending and receiving emails. Therefore, cybersecurity and HIPAA compliance must be addressed in email security strategy and solutions.
To avoid a data breach, cybersecurity executives should take the following actions:
1. To lower the danger of social engineering assaults via email and network access, educate and train the personnel.
2. Prioritize implementing the security plan with the required budget, staff, and resources by evaluating enterprise risk against all potential vulnerabilities.
3. Create a cybersecurity road map that is clear to all members of the healthcare organisation.
The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) urges companies to educate themselves about the growing danger posed by ransomware and offers access to online government tools to assist healthcare facilities in taking precautions.
Not adopting an email security programme carries too much danger.
Leaders of the health system are requesting assistance to fend off hackers. Insurance companies occasionally refuse to pay for losses, and there have been grievances about a lack of support from the government or law enforcement.
Take into account the fact that 60% of healthcare organisations have raised rates to date in order to cover the cost of a breach. Legal fees and regulatory compliance costs might last for years. These expenses are being passed down to the already-burdened American public.
The best course of action for healthcare organisations is to acknowledge the serious threat posed by the ongoing cyberwar, evaluate their current situation, and plan and implement a security strategy specifically designed for the industry, arming staff with the resources required to thwart a cyberattack.
