Did you know nearly 90% of all successful ransomware attacks were on hospitals in 2016? In his guest blog, Ostendio CEO and Co-Founder Grant Elliott sheds light on the cybersecurity implications of healthcare today and the importance of engaging healthcare employees in cybersecurity. Elliott will be speaking on the Cybersecurity Panel at the Capital Health Tech Summit taking place on June 15, 2017 at the Inova Center for Personalized Health.
Why is healthcare so heavily and successfully targeted by cybercrime? After a record number of breaches last year – nearly 90% of all successful ransomware attacks were on hospitals – it’s a question that needs to be asked.
Cybercriminals target healthcare data because hospitals need immediate access to up-to-date patient information in order to provide critical care. When malware enters the system, it blocks access to data, and in turn, prevents hospital staff from efficiently and effectively treating a patient. The cybercriminals then demand a ransom, usually in the form of Bitcoins. Ransomware is growing in popularity because it works. In 2014 alone, the FBI estimates that the minds behind the CryptoLocker strain of ransomware received nearly $27 million in six months from data taken hostage.
When MedStar Health, a health system serving the Baltimore/Washington region, was hit by a cyberattack in 2016, they chose not to pay the Bitcoin ransom, instead choosing to shut off every aspect of MedStar Health’s electronic medical record systems.
Hospitals are also a prime target because employees aren’t always trained on security awareness. While HIPAA aims to ensure that patient privacy is protected, in general, hospitals do not place a big enough emphasis on the importance of cybersecurity. Protecting data has always been a challenge, but an aware and invested workforce can become your company’s first line of defense.
So, what can be done to try and reduce the number of data breaches?
Look to your employees. Employees are an organization’s greatest asset, and they need to be treated as such. It takes just one click on a malicious link to bring a whole system down. Make sure that each and every employee understands their role in a cybersecurity program. They need to know where data is, when they should access it, how it should be used and how it’s being protected. Only then can they become your front line of cyber defense.