October 15, 2024

Holistic Pulse

Why The Healthcare Industry Has Become A Primary Target For Cybercriminals

Juta Gurinaviciute is the CTO at NordLayer, a remote access security provider for global organizations.

The recent ransomware attack on Change Healthcare, a major health technology company, has sent shockwaves through the healthcare system. With payment disruptions continuing to cost providers an estimated $100 million per day, according to an estimate from First Health Advisory, this incident underscores why the healthcare industry is one of the most lucrative targets for cybercriminals.

As the CTO of NordLayer, a cybersecurity company, I have witnessed a trend of malicious actors increasingly setting their sights on healthcare organizations. There are various reasons, but they primarily stem from the valuable data these institutions possess and the critical nature of their operations.

What Makes The Healthcare Industry Vulnerable?

Healthcare providers have access to tons of sensitive patient information, such as medical records and payment information. This data has immense value on the black market and can be exploited for identity theft or financial fraud. Cybercriminals know healthcare organizations are willing to pay ransoms to regain access to this data and restore normal operations.

Moreover, the healthcare industry has a complex IT environment. There are countless connected devices, outdated systems and third-party vendors that threat actors can exploit. The rush to enable telehealth and remote services during the pandemic further expanded these vulnerabilities. Too often, cybersecurity investments have not kept pace, leaving healthcare providers underprepared to defend against sophisticated cyber threats.

Perhaps most crucially, the life-or-death nature of healthcare makes these organizations prime targets for ransomware and other disruptive attacks. Cybercriminals recognize that hospitals cannot tolerate prolonged IT outages that put patient lives at risk. This willingness to quickly restore operations at any cost has fueled a profitable criminal enterprise.

Statistics To Know

The latest data simply illustrate the escalating cyber threat to healthcare. In 2023 alone, the FBI’s Internet Crime Complaint Center (IC3) received 1,193 cybercrime complaints from organizations across 14 of the 16 nationally critical infrastructure sectors—with 249 of those coming from the healthcare industry.

This trend has been going on for quite some time. From 2018 to 2022, the U.S. Department of Health and Human Services (HHS) reported a 93% increase in large healthcare data breaches reported to its Office for Civil Rights (OCR), soaring from 369 to 712 incidents. Even more alarming, significant ransomware data breaches skyrocketed by 278% over that same period.

The consequences have been severe, with cyber incidents forcing hospitals and health systems to divert patients, postpone critical procedures and endure extended care disruptions—directly jeopardizing patient safety.

In 2023, the scale of healthcare data breaches reached unprecedented levels. According to the latest HIPAA Journal analysis, a record 133 million individuals were compromised. This represents a 156% increase from 2022 and surpassed the previous high of 113 million breached records set in 2015. On average, 373,788 healthcare records were breached every single day.

The impact on patient trust has been profoundly negative as well. A recent survey found that 95% of patients expressed concerns about their medical data being stolen or leaked online, with 70% harboring moderate or extreme worries specifically about healthcare data breaches. More than half did not believe that companies handling their health information provided adequate privacy and security protections.

What Should Healthcare Organizations Do?

Healthcare organizations are waking up to the harsh reality that they can no longer leave cybersecurity as an afterthought. The threats are just too damaging and widespread. Some leading health systems are getting serious—enforcing data protection and access controls, ramping up security awareness training and renovating policies for HIPAA compliance.

However, securing the modern healthcare environment that spreads across cloud storage services, remote devices and legacy systems is complex. That’s where specialists can provide tremendous value. They offer efficient solutions that integrate top-tier data security seamlessly without bogging providers down in complexity. Healthcare IT leaders are realizing they don’t have to go it alone on this challenge.

The key is being proactive rather than playing catch-up after an incident. Make security the backbone of everything from software development to remote access policies. With innovative partners and a prevention-first mentality, healthcare organizations can regain control of their cybersecurity.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.