New Virus Putting Hospitals and Medical Centers in Danger

I recently read an article that shed new light on the meaning of dangerous viruses in healthcare; it is called the computer virus!

The healthcare sector is notorious for its underinvestment in cybersecurity. Although one medical chart is worth 50 social security numbers, healthcare generally invests only 4%-6% of its IT budget in cybersecurity compared to the financial sector’s 10%-12% investment. In 2016 the number of healthcare providers that experienced a hack grew to 320%, a 181% increase in records hacked in just one single year. We are not just talking about fraudulent purchases and diminished credit that hacked credit information would bring. This could lead to prescription drug abuse and/or Medicare fraud.

Beyond the normal hacking of medical records, there is ransomware to be wary of. In 2016 roughly 4,000 ransomware attacks happened every day. According to Symantec, ransomware has grown in popularity by 36% in 2016 alone. It is becoming a lucrative business as there is no need to look for a buyer for hacked personal information; ransomware generates easy cash for the criminal. Ransomware accounted for 72% of healthcare malware attacks in 2016 according to a report put out by Verizon.

Unfortunately, too many organizations feel that it is easier to just pay up. The average ransom amount has increased 266% in 2016 according to a Symantec report. Generally the first ransom starts out small but if paid, the attacker will most likely return to the source again and again upping the dollar amount.

An even bigger danger of ransomware in the healthcare sector is related to medical devices. Hewlett Packard estimates by 2019  85% of healthcare organizations will be using the Internet of Things (or better known as IoT) medical devices. 64% of these IoT devices are patient monitors such as insulin pumps, pacemakers and other remote or near-field devices with communication capabilities. In late 2016 and early 2017 St. Jude spent months patching a vulnerability in their equipment including defibrillators and pacemakers. Although no deaths have been attributed to these device vulnerabilities or ransomware attacks as of yet, one can only imagine that once this happens hospital administrators, healthcare providers and device manufacturers will be at the forefront of a major lawsuit.

For more information and affordable solutions contact ComAudit Services to examine the security of your healthcare organization and sleep better at night.

sfezler@comaudit.com