The healthcare industry currently finds itself at high risk for ransomware attacks. In fact, healthcare has the fifth highest number of ransomware attacks among all industries. But what makes this sector a uniquely attractive target?
The rise of ransomware in healthcare can be attributed to a combination of insufficient cybersecurity practices and the opportunity for cyber criminals to turn the healthcare vertical into a lucrative source of income. Hospital networks are less centralized and EHR systems are more mobile with the increasing use of tablets and smartphones, making it harder to defend against cyberattacks. Personal medical information is one of the most valuable types of data for attackers to steal. Moreover, the ability to access patient information is critical to healthcare providers and their patients and hospitals are willing to pay to recover that information.
According to the 2016 Healthcare Industry Cybersecurity Report that was released late last year by SecurityScorecard, healthcare ranks 15th out of 18 for all industries when it comes to managing social engineering attacks. This suggests a security awareness issue among healthcare professionals that is placing millions of patients at risk. Security is only as strong as the weakest link, and employees are often the easiest targets when it comes to social engineering.
Social Engineering in Healthcare
To understand social engineering, organizations need to recognize that not all data breaches and hacks are external attacks on the network. Some attacks succeed as the result of human interaction on internal networks. Social engineers use increasing sophisticated emails to trick people into offering them access to sensitive information or opening infected files. Phishing scams are one of the most common types of social engineering attacks because they are so successful.
Social engineering can be described as hacking that occurs by exploiting employees, medical professionals, patients, and guests. Social engineering threats can take different forms, including:
- Business email compromise
Social engineering is often overlooked when developing a security strategy and it’s not something that can be easily addressed. In addition to more traditional security measures, hospitals need to develop programs for raising security awareness and regularly educating all of their users on effective ways to identify phishing scams and potentially malicious sites.
With healthcare providers focusing on using technology to enhance the patient experience and increase satisfaction, there are more connected devices on healthcare wireless networks than ever before. As a result, the urgency to enhance network security is paramount.
Ransomware Healthcare Stats You Should Know
According to a recent HHS report, the industry has experienced nearly 4,000 daily ransomware attacks since early 2016. This is a 300% increase in reported attacks from the previous year. So it’s no surprise that over 75% of the entire healthcare sector has been infected with malware over a 12-month period.
According to SecurityScorecard, 96% of all ransomware attacks specifically targeted medical treatment centers while almost 88% of healthcare manufacturers had a malware infection. Approximately 94% of all detected attacks can be attributed to ransomware known as CryptoWall. This trend essentially represents a shift from stealing data to stealing money via email fraud and ransomware.
Out of the breached healthcare institutions, 40% had a C or lower rating in network security when the breach occurred. It is alarming to note that healthcare companies continue to struggle with security after a successful cybersecurity attack. Leaked information from past breaches can continue to lead to other hacks. In fact, previously breached institutions were still found to have 242% more C’s or lower ratings in social engineering compared to non-breached organizations.
The Immediate Need for Enhanced Security
According to the SecurityScorecard, 63% of the 27 largest hospitals in the U.S. had a C or lower rating with regard in patching cadence. Unpatched vulnerabilities leave the network open to attack, creating a huge opportunity for criminals looking to breach an organization’s systems.
According to Verizon Data Breach Report, social engineering is the third most common cause of data breaches. Furthermore, those numbers are growing at the same rate as malware and hacking related breaches.
Healthcare organizations need to find a balance between providing IT for enhanced patient satisfaction and staff mobility while at the same time implementing and maintaining effective cybersecurity policies. The explosion in connected devices is adding to the challenge of securing internal and patient data. To prevent staff members from falling prey to phishing, spear-phishing, and other social engineering attacks organizations need to improve security awareness for all users connecting to the network. Training and ongoing security awareness processes are increasingly important, as well as proper network segmentation to account for IoT security and mobile devices.
According to Cisco Systems, layered integrated defenses will be crucial to delivering visibility and responsiveness against ransomware attacks. Before an attack, it is important to backup critical data. Consider adding software that can detect malicious sites and block requests at the host level. Unfortunately, nothing can provide complete protection from ransomware. During an attack, ransomware files should be stopped at the DNS layer, before they reach an end user’s device. If a file makes it past the DNS layer and the firewall, dynamic segmentation is needed to ensure that ransomware is isolated on the network to help stop the ransomware from spreading and allow IT time to remove the infected files.
As technology continues to evolve, criminals also find innovative ways to breach network systems. Maintaining secure wired and wireless networks in healthcare institutions will be an ongoing challenge that requires the right combination of people, processes and tools.