The healthcare industry is under fire these days. Hospitals are falling victim to a cyber-epidemic that is paralyzing their systems and asking for huge ransoms in return.
Here’s a quick overview of the latest cyber-incidents:
- The Hollywood Presbyterian Medical Center in Los Angeles paid 40 bitcoins — or around $17,000 — to hackers who held its data system hostage, preventing the hospital’s staff from using their computers.
- The Methodist Hospital in Henderson, Kentucky, and Southern California’s Chino Valley Medical Center and Desert Valley Hospital have been attacked by Locky, a particularly virulent ransomware sample that surfaced earlier this year.
- The Lukas Hospital and the Klinikum Arnsberg hospital in Germany were attacked by file-encrypting ransomware and refused to pay the ransom.
These breaches highlight two things:
- No industry is safe
- Hospitals underestimate the value of their data
But more importantly, these breaches reveal that security is often lax within healthcare facilities, and they issue a reminder that hospitals store troves of valuable personal information.
On the black market, personal medical records are the new currency. They are 10 times more expensive, according to Experian. That’s partially because stolen data often includes Social Security numbers that can be used in identity theft.
“Malicious actors want as much intelligence as they can get, and health care is the easiest attack surface for seasoned and non-seasoned hackers,” says James Scott, co-founder and senior fellow at the Institute for Critical Infrastructure Technology (ICIT) in Washington D.C.
Thieves can also use this data to get other personal information about the victims, apply for credit card numbers and make fraudulent purchases in their name. Also, once an attacker gets access to someone’s medical history, he can blackmail and threaten the patient with public shaming. Attackers can also use this data to create fake IDs to buy medical equipment or drugs, or they can combine the data to make up complaints to insurers. Sound too far-fetched? It’s not.
Accessing hospital networks has several consequences and, in this industry, data and financial losses are not the worst that can happen. Once inside, attackers can interfere with patient care to create havoc and even put lives at risk. They could mix up blood samples or drugs, disrupt patient monitors or disable equipment to cause serious injury.
From hospitals to small businesses - why are they prime targets?
No industry or type of organization, big or small, is exempt from cyber-threats. And small and medium businesses (SMBs) are especially vulnerable. The first trap they fall into is that they often undervalue their assets and consequently, they were prime targets for cyber-thieves in 2015.
Every business has confidential, proprietary information, such as employee salaries, revenue numbers or customers’ credit card details. That’s what cyber-criminals value most. Also, small businesses are often a piece in a bigger puzzle. If they do business with larger companies, most likely they are being used to get to the ultimate target.
Hackers have long realized the value of SMBs. Yes, spectacular, sophisticated attacks on big companies like Target or Anthem grab the attention of the media, but more SMBs are actually targeted than larger organizations.
Secondly, SMBs have a high return on investment. Since malware has become so sophisticated that it can leave no traces behind after it captures the data it needs, and with the possibility to buy malware online anonymously, the results outweigh the risks.
Lastly, small businesses are easier prey than larger enterprises. The bigger the business, the more IT experts and security systems it will have in place to fend off cyber-threats.
Unfortunately, entrepreneurs not only put security in the back seat of their business priorities, but also underestimate the impact a leak of proprietary information may have on their reputation, credibility and, ultimately, profits. But the truth is a data breach can devastate a small or mid-size business.
Employee errors cause many of these breaches. The most common ones include opening spearphishing emails, a threat that can be mitigated by a security solution for endpoints. Such a solution has multiple layers of security for messaging: antispam, anti-phishing, antivirus and antimalware with behavioral analysis and zero-day threat protection.
Other important data protection measures include network monitoring, data encryption in transit and educating employees on the risks of careless online behavior, weak passwords, phishing schemes and other threats that may fool them into giving access to your network and assets.