Page 47 - Cyber Defense eMagazine August 2024
P. 47
malicious activities. Recent data showed that medical records sell for 20 times more than credit card
information.
Additionally, the critical nature of healthcare services makes hospitals and clinics prime targets for
ransomware attacks since cybercriminals know that disrupting healthcare operations can have life-
threatening consequences. This increases the likelihood that the targeted organization will pay the
ransom to restore services quickly. Given the sensitivity and importance of healthcare data, healthcare
organizations are more likely to pay ransom or extortion demands to regain control over their systems
and data quickly. A survey found 61% of healthcare IT professionals acknowledged that their
organizations have paid a ransom, when the average for all industries is 46%. When it comes down
to it, law enforcement and cybersecurity experts actually advise against paying ransoms, as this can
encourage further criminal activity. Additionally, there's no assurance that ransomware groups will restore
access to systems after receiving the ransom, or that they won't demand additional payments.
The public trusts healthcare organizations to protect their personal and medical information; a successful
cyberattack can severely damage this trust and the organization’s reputation, leading to long-term
financial and operational consequences. Attackers exploit this vulnerability, knowing that healthcare
providers are under pressure to maintain their reputations and provide consistent, quality care.
Healthcare organizations must also comply with stringent regulations like the Health Insurance Portability
and Accountability Act (HIPAA) in the United States, which mandates the protection of patient data. Non-
compliance can result in hefty fines and legal consequences, making healthcare providers even more
vulnerable to extortion.
On the logistical front, 73% of healthcare provider organizations operate on legacy systems, and this
outdated technology can cause them to be more vulnerable to cyberattacks. These older systems often
lack modern security features and can be challenging to update or replace due to cost and complexity –
making them a prime target for malicious actors.
What can the healthcare industry do?
Healthcare companies should prioritize robust defenses and investments in technology to prevent
cyberattacks from occurring in the first place. Although cyber criminals are evolving quickly, cybersecurity
technology, like artificial intelligence (AI) and zero trust architecture, is also developing rapidly to help
sectors such as healthcare stay protected. Through these advanced technologies, enhanced encryption,
and cloud security solutions, healthcare organizations have increasing opportunities to protect against
evolving threats. However, these efforts alone are insufficient to change the trajectory of cybercrime.
Protecting the healthcare industry should be a widespread effort involving a law enforcement and
legislation.
The tech sector has also mobilized to address these threats. Recently, Microsoft and Google announced
they will offer free or discounted cybersecurity services to rural hospitals across the United States, to
make them less susceptible to cyberattacks that would disrupt patient care and threaten lives. We’re
likely to see similar responses from the industry as this problem becomes more and more costly
financially and for individuals’ well-being.
Cyber Defense eMagazine – August 2024 Edition 47
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
