1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

5/30/2017

0 Comments

How to Improve Healthcare Cyber Security

 
doctor's office - healthcare cyber security

How to improve healthcare cyber security

Scope of Hacking Health Care Records

​The hacking of health care records at the NHS and HPMC aren’t isolated cases. Prior to the widely published WannaCry ransomware attack, other cyber attacks had already wreaked havoc in the health care industry. Protenus reported that in 2016, the U.S. health care industry suffered one breach per day, affecting more than 27 million patient records.
 
For the month of April 2017 alone, the U.S. Department of Health and Human Services, Office for Civil Rights reported 12 hacking incidents on hospitals and medical doctors’ offices, affecting 171,564 patient records.
 
The biggest hacking incident last month that was reported to the U.S. Department of Health and Human Services happened at Harrisburg Gastroenterology Health Care Center, affecting 93,323 patient records. The patient information potentially accessed at Harrisburg Gastroenterology includes names of patients, demographic information, social security numbers, health insurance information, diagnostic information and clinical information.
 
Last May 18th, Neeley-Nemeth Barton Oaks Dental Group reported to the U.S. Department of Health and Human Services that its computer system was hacked, affecting 17,090 patient records.
 
Symantec's Global Ransomware and Business Special Report showed that from January 2015 to April 2016, Canada ranked third (16%) in terms of ransomware infections, next only to the United States (23%) and "Other Regions" (19%).
 
Verizon’s 2017 Data Breach Investigations Report showed that breaches in healthcare organizations came second (15%), next to data breaches in financial organizations (24%). In 2017, ransomware was ranked by Verizon as the number five most commonly used crimeware. “For the attacker, holding files for ransom is fast, low risk and easily monetizable – especially with Bitcoin to collect anonymous payment,” the Verizon report said.

5 Reasons Why Hacking of Health Care Records is Skyrocketing

Hospitals and medical doctors’ offices have become targets for ransomware attacks due to the following reasons:
​
1. Medical Records are Irreplaceable
Medical doctors’ offices and hospitals have irreplaceable digital documents that increase every hour, from appointments with patients to viewing imaging.   
 
2. Willingness to Pay
Compared to other sectors, the medical sector appears to be more than willing to pay ransom for the fast recovery of their data.
 
3. Confidential Nature of the Documents
Medical doctors’ offices and hospitals’ records carry with them an abundance of confidential information about patients such as social security details, insurance details, birth dates, addresses, medical history and current medical situation. These confidential data can be sold to other opportunistic individuals or organizations at $10 per patient – an amount 10 times higher than what criminals earn from selling credit card details.
 
4. Loss of Reputation
Hacking exposes organizations their weakness. As such, many hospitals and medical doctors’ offices would rather pay and keep quiet than face the consequence of loss of reputation.
 
5. Vulnerable Software
Many medical doctors’ offices and hospitals use proprietary software. Cyber criminals exploit the vulnerabilities of these proprietary software solutions. In the case of the NHS WannaCry ransomware attack, the vulnerability of the operating system Windows XP was exploited. At the height of the WannaCry attack, NHS confirmed that 4.7% of the organizations’ computers still use Windows XP – an operating system released by Microsoft in 2001. 

3 Effective Ways to Prevent Cyber Attacks on Medical Doctors’ Offices 

Below are 3 preventive measures to stop cyber criminals from getting hold of your patients’ confidential data:

​1. Backup data
One of the effective means to prevent cyber attacks, specifically ransomware attacks, is by backing up your data. Ransomware attackers have an advantage over their victims by encrypting valuable computer files and preventing victims to access these valuable files. If you’ve backup copies, it would be easy to bring back these files.
 
It’s important to make sure that these backup files are properly protected. Storing them offline is one alternative so that cyber criminals can’t access them. Another option is to use cloud services. These cloud services keep previous versions of files, enabling you to roll back to the unencrypted form.
 
2. Exercise digital hygiene
Preventing cyber attacks on medical doctors’ offices is similar to other disease prevention: hygiene is essential. In the medical office set-up, digital hygiene refers to maintaining one’s computer hardware and software solutions as secured as possible.
 
Examples of digital hygiene include updating your hardware systems, installing the latest patches or software security updates, and not clicking unfamiliar links or files in emails. Hundreds of thousands, if not millions, of computers were unharmed by WannaCry ransomware by simply using the latest operating system and installing the latest patch or security update.
 
3. Contain the infection
Containing a malware is much like containing an infectious disease outbreak. In such a case, a rapid response such as isolating the infected computers can make a difference. Many ransomwares like WannaCry have a worm component that’s capable of spreading itself within computer networks without the need for user interaction. In handling the WannaCry ransomware attack, Spain’s Computer Emergency Response Team CCN-CERT, for instance, recommended isolating from the network or turning off as appropriate computers without support or patch.
 
Contact us today if you want to protect your hospital or medical office from cyber attacks.
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    March 2023
    February 2023
    January 2023
    December 2022
    June 2022
    May 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    Artificial Intelligence
    ATP
    Awareness Training
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Cybersecurity Tips
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    Impersonation Scams
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit