Light Dark
September 30, 2021 By Justine Brown 4 min read
Healthcare
Identity & Access
Incident Response
Network
Risk Management

Health care data continues to be a prime target for cyber attacks. Cybersecurity Ventures predicts the health care industry will fall victim to two to three times more cyber attacks in 2021 than other industries.

Successful cyber attacks compromise both patient safety and the public’s trust. But why, exactly, is health care such an attractive target? Experts boil it down to a perfect storm of three key elements. Many hospitals and clinics rely on outdated systems and infrastructure; health care organizations have been slow to adopt cybersecurity best practices and technologies; and privatized health care networks, hospitals and clinics often have substantial financial resources. The risk (patient safety) is high, so attackers assume the reward (money) will be easier to collect.

At the same time, the chances to breach health care systems appear to be growing. Health care facilities are increasingly using networked digital infrastructure and Internet of Things (IoT)-based medical equipment and devices to connect to centralized networks. Cyber criminals see these connections as potential new doors into closed networks and systems. In other words, now is a critical time for health care groups to boost their defenses.

Check out this year’s top health care security stories. We take a deep dive into how ransomware strains are pushing health care organizations to their limits. How can you improve your chances of preventing a successful attack? Lastly, take a look at the latest “cost of a health care data breach” cyber attack statistics. Check out our top news from the world of health care so far in 2021.

Briefs and Top Insights

5-Minute Read 🕒

Health Care Ransomware Strains Have Hospitals in the Crosshairs

Ransomware continues to be the weapon of choice for health care cyber attacks. And when it comes to ransomware, Ryuk and REvil were the evil twins of destruction. Both were sold as ransomware as a service. Ryuk spreads via phishing campaigns disguised as honest business emails, such as customer complaints or hiring decisions. REvil gained access by exploiting vulnerabilities. Users injected it by exploiting openings in application web servers, breaking into remote access gateways. (As of now, REvil has mysteriously disappeared, but it’s still useful to recognize its tactics.)

Find out more about these two strains of ransomware, how they work and what you can do to protect your health care environment from these and other types of attacks.

4-Minute Read 🕒

How to Boost Your Health Care Data Cybersecurity Immune System

Health care saw a 45% increase in attacks in the last two months of 2020. That’s twice the rate of other verticals, according to Check Point software. Read this story to find suggestions and best practices to thwart ransomware attacks, understand the critical role of HIPAA compliance and ensure your group is doing all it can to promote security and disaster recovery best practices.

6-Minute Read 🕒

Health Care Data: It’s Your Personal ‘National Security’ Information

In many ways, health care data is the crown jewel of personally identifiable information (PII). And once it’s compromised, attackers can use health care data to harm you. For some people, that harm could go beyond simple financial fraud and identity theft. Attackers can also manipulate you based on your health.

Read this article to find out some key questions you should answer about health care data and tactics that can help you protect it, including using data cold storage, health care encryption standards and frameworks and keeping up with new legislation and technology rules.

4-Minute Read 🕒

Health Care Cybersecurity: Costly Data Breaches, Ensuring PII Security and Beyond

New IBM research found the average health care data breach costs its victim $7.13 million. That was the highest cost across all industries in 2020 and almost double the global average. Of these incidents, 80% resulted in the exposure of customers’ PII. Given that data, this is a critical time for hospitals and other health care organizations to invest in and mature their security operations center (SOC).

This article discusses two critical ways to avoid a hospital cyber attack or protect your data. First, it covers bringing IoT and operational technology into the scope of the SOC’s responsibilities. In addition, it walks you through assessing the existing SOC to find gaps in what it can do.

More on the Status of Health Care IT Security

HIPAA Journal reports that July 2021 saw 70 reported data breaches of 500 or more records, making it the fifth consecutive month where data breaches have been reported at a rate of two or more per day.

Hello Health took a deep dive into how cyber attacks happen in hospitals and health care clinics, revealing that more than 93% of health care organizations have experienced a data breach over the past three years. In addition, 57% have had more than five data breaches during the same time frame.

In August, Health IT Security reported that outpatient facilities and specialty clinics fell victim to health care data breaches nearly as often as hospitals in the first half of 2021. The number of breaches in 2021 was higher than the first six months of 2020 and any six-month period between 2018 and the first half of 2020, researchers found.

Finally, the same organization reported that DuPage Medical Group, the largest independent physician group in Illinois, began notifying 600,000 patients in August of a health care data breach that may have exposed protected health information. If 600,000 individuals were in fact affected, the breach would constitute Illinois’ largest reported health care cybersecurity incident of 2021 to date.

 |  |  |  |  | 
Justine Brown
Technical Writer

More from Healthcare
October 29, 2024

Why safeguarding sensitive data is so crucial

4 min read - A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.The breach, first reported by WIRED, involved PII, such as patient names and addresses,…

September 26, 2024

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

September 18, 2024

Cybersecurity risks in healthcare are an ongoing crisis

4 min read - While healthcare providers have been implementing technical, administrative and physical safeguards related to patient information, they have not been as diligent in securing their medical devices. These devices are critical to patient care and can leave hospitals at risk for cyberattacks, causing major disruptions to patient care. In fact, 88 million individuals were affected by large breaches, compromising vast amounts of electronic protected health information (ePHI) last year according to the U.S. Department of Health & Human Services. This year,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature