In its fourth annual “Data Breach Industry Forecast” white paper, information services company Experian says the healthcare industry will be the most targeted sector for cyberhacks in 2017.
Experian predicted in 2016 that healthcare would remain a top target for hackers, and that big healthcare hacks would garner lots of press but the smaller, less headline-grabbing hacks would be the most damaging. Experian gave itself a B for those predictions: “In 2016, there were 181 reported healthcare breaches ranging in size from 500 to 3.6 million affected individuals. While several large breaches like Banner Health and 21st Century Oncology lost more than 5 million records combined, small breaches also had a large impact. Breaches impacting 200,000 people or less accounted for 96 percent of all healthcare-related breaches and impacted 1,400,872 individuals.”
The healthcare sector remains a favorite for hackers as medical identity theft is lucrative and easy for cyber criminals to exploit. Personal medical information remains one of the most valuable types of data for attackers to steal, and cyber criminals will continue to find a market for reselling this type of sensitive information. According to a recent report from IBM, more than 100 million healthcare records were compromised, making them a hacker’s top target.
Experian also anticipates mega-breaches will deviate from focusing on healthcare insurers, which served as a popular attack victim in 2015, to focus on other aspects of healthcare, including hospitals. It often is harder to maintain security measures in a distributed network, like a hospital.
Electronic health records (EHR) present a perfect target for attackers. The portable nature of this information and the number of different entities and end-points that need access to them mean the potential for them to touch a vulnerable computer system is high. While there may be significant protections in place to secure them in transit, it only takes one compromised or outdated system to lead to exposure. Further, as more healthcare institutions deploy new mobile applications, it’s possible that they will introduce new vulnerabilities that will also be attractive targets for attackers.
Experian believes ransomware will continue to be a top concern in 2017, particularly because a disruption of healthcare system operations could be catastrophic. Ransomware presents an easier and safer way for hackers to cash out; given the potential disruption to a company, most organizations will opt to simply pay the ransom. This has the unintended consequence of funding more research and development by attackers, who will in turn develop more sophisticated and targeted attacks. These new variants will likely be able to evade many of the security detection systems that were developed and are now widely deployed to stop the previous generation of attacks.
CRU has several products that are ideal for protecting sensitive patient data: removable drives should be installed in every computer so data can be easily secured, away from prying eyes. And if hard drive or computer re-use is part of a healthcare organization's IT practices, the hard drives can be sanitized for re-use with the Drive eRazer Ultra.
The takeaway is for healthcare organizations of all sizes and types to ensure they have proper, up-to-date security measures in place, including training employees on the critical nature of security.