Healthcare has always been one of cyber criminals’ most attractive markets. Today, network modernization, increased M&A and the Internet of Medical Things (IoMT) make it an attractive target for cyber attackers. Add to that the need for information sharing among organizations.
According to the 2019 HIMSS Cybersecurity Survey, nearly two-thirds of non-acute and vendor organizations have experienced a security incident over the past 12 months. Both bad actors and negligent insiders initiate these incidents. As of December 27, 2018, 351 data breaches of 500 or more health records had been reported to the Office for Civil Rights (OCR) of the Department of Health and Human Services in the U.S., resulting in more than 13 million health records being exposed in 2018 alone.
It is clear that cyber attackers have made the healthcare system their favourite target. Much of the appeal of targeting electronic personal health information (ePHI) has to do with the breadth of data held, as well as with the susceptibility of a medical industry that has not prioritized digital security as it has evolved.
In contrast to a breach of credit card data, health care information can be much more valuable to an attacker because it includes birth dates, social security numbers, and a person’s disease information. It is possible to use disease information against prominent corporate and government leaders. It also takes longer to detect medical identity fraud compared to other types of fraud. The intent of these targeted cyber attacks can vary: causing a DDoS attack or identity fraud in the healthcare system, driving blackmail schemes, or holding hospitals and healthcare providers for ransom, not to mention the potential hazards inherent in vital, lifesaving medical devices that are as cloud-connected as mobile phone networks.