While many types of businesses are vulnerable to cybersecurity threats, the number and severity of cyber assaults on healthcare facilities have grown exponentially in the past few years.
According to a study, the healthcare industry was the sector most targeted by ransomware cyber attacks in Q3 of 2022, with a 5% increase from the number of attacks in the previous year. These cyber attacks devastate nonprofit hospitals and health systems, causing material revenue and expense pressures. But why is healthcare such a popular target for cyber criminals?
Healthcare entities maintain a large amount of sensitive data that relates to patient care and operations. During the height of the COVID-19 pandemic, cyber criminals went on a rampage unlike any seen before. They disrupted the healthcare industry at a time when patient care demands were at an all-time high.
Data from the Department of Health and Human Services (HHS) showed an 84% rise in data breaches affecting healthcare companies between 2018 and 2021, while the number of victims increased from 14 million to 44.9 million. As a result, the financial flexibility of hospitals has been negatively affected because ransomware payouts and efforts to harden cyber defenses have increased operating expenses.
Cyber attacks can also potentially hinder revenue generation and the ability of healthcare providers to recover costs. According to an IBM report, on average, the industry loses $10.1 million for every data breach that happens. This is especially true if the cyber crime affects the hospital’s ability to bill patients when financial records are compromised. Not only do these critical data breaches pose significant financial burdens, but they also hinder the ability of healthcare facilities to provide care. This can ultimately take a toll on human life.
Cyber attacks against healthcare facilities in the United States rose by a whopping 55% in 2020 compared to the previous year. Additionally, cyber criminals have gotten more sophisticated in how they attack healthcare systems. This has elevated healthcare providers’ overall cost when trying to recover from an attack.
The databases of hospitals and healthcare systems contain extremely sensitive patient data, which is sought after by cyber criminals and is used for ransomware and double extortion schemes. In the United States, strict confidentiality laws are in place on both federal and state levels that are meant to protect patients, such as the Health Insurance Portability and Accountability Act (HIPAA). When a healthcare system is breached, and patient information is disclosed, that provider can lose consumer confidence.
Not only is the trust of their patients on the line, but hospitals and other providers can find themselves in legal hot water if they are the victims of a data breach. Both lawsuits and federal enforcement actions, such as steep fines, may happen if a healthcare system is deemed negligent after a cyber attack. This was especially prevalent after nonessential staff began working remotely during the COVID-19 pandemic, as there were more opportunities for infiltration.
The healthcare sector has also increased its usage of integrated technologies like smart medical monitoring devices and telehealth. The software used in such devices and for heavy medical equipment like CT scanners is usually proprietary, and it is generally designed around patient care and not cyber risk. This equipment is costly, and hospitals tend to rely on it for a long time, even if it has outdated software that can lead to gaps in cyber security.
In addition to healthcare facilities like hospitals and doctors’ offices being at risk of cyber crime, health insurance companies, which hold much of the same data, are another popular target for cyber criminals. Increasingly sophisticated techniques are being used by cyber criminals to penetrate health insurance companies, in part because they have continued the digitization of insurance transactions, clinical records, and billing information.
Much like hospitals and other healthcare systems, health insurance companies and related third parties are on the hook for the information they are supposed to protect. If they fail to do this, they face huge risks to their finances, reputations, and operations, not to mention regulatory punishments. And since defending against cyber attacks is very expensive, health insurance companies can expect lower returns as attacks continue to grow in frequency.
The healthcare industry will cumulatively spend more than $125 billion on cybersecurity products and services from 2020 through 2025. The biggest key to reducing the risk of data breaches is identifying the gaps in IT systems where the risk to critical assets – in this case, patient information – is highest. That means the hardware and software on mobile devices, laptops, workstations, and servers.
At Managed Services Group, we help your healthcare organization be prepared by avoiding and remediating security breaches. We can safeguard your business against cyber attacks to efficiently keep your sensitive data protected. Keep malware, ransomware, and other threats away from your organization’s cyber environment and avoid all the downtime that comes along with it. If you are a Florida healthcare company, book a FREE network analysis with us and put yourself at ease knowing your data is safe and secure.