Despite all the hopes that breaches would decrease, 2017 was still a year full of healthcare cyberattacks.
A new report from security company Cryptonite found that in 2017, there were 140 data breaches reported to OCR as IT/hacking events. This number represents a 23.89 percent increase from 2016, when there were 113 IT/hacking events reported.
Changes in Nurse Staffing Answer Clinician Demands
The ongoing nursing shortage facilitates high turnover rates since nurses know they won’t have difficulties finding new jobs. In order to retain and attract staff, it’s in a facility’s best interest to understand what nurses want.
In a recent phone interview, Cryptonite CEO Mike Simon described why healthcare continues to be a target for hackers.
Hackers are looking for an organization that doesn’t have much in terms of cybersecurity resources. Health systems fit this description because they are traditionally focused on patients more than IT. Additionally, hospitals often rely on legacy systems, making them all the more vulnerable.
“From [a hacker’s] perspective, they’re looking for the perfect storm,” Simon said. “All these together make it a hacker’s dream to come into a healthcare facility.”
Digging deeper, ransomware was a major problem in 2017. In fact, the number of reported healthcare hacking events attributed to ransomware went up 89 percent from 2016 to 2017. There were 36 ransomware events in 2017 compared to 19 the year before.
Consultants: Help Define What’s Next In Healthcare Benefits
Help shape the future of healthcare benefits by sharing your insights.
Simon had an answer for this as well. Again, the key is to look at it from a hacker’s point of view.
“Ransomware is the easiest method to gain money,” he said. “[Ransomware attacks are] cheap, they’re easy and you can send so many phishing emails across healthcare networks to see what you catch.”
The analysis also highlights 2017’s top 10 healthcare breaches based on the number of records compromised. Six of the events involved ransomware.
Interestingly, however, the total number of patient records compromised significantly decreased between 2016 and 2017. While 13,425,263 records were reported compromised in 2016, 3,442,748 were compromised in 2017.
Additionally, the Rockville, Maryland-based company’s report points to the future, noting that Internet of Things devices will increasingly become another mechanism for cyberhackers gain access to a hospital’s information.
As IoT devices become targets, Simon said healthcare organizations need to shift their way of thinking. Health systems must segment the networks to ensure only authenticated users have access to such devices.
Simon also shared a bit of advice for the healthcare industry as a whole as far as cybersecurity is concerned.
“The paradigm has to change for us to defeat this whole cyber problem,” he said. “We have to stop being in a reactive mode and start implementing automated defense mechanisms.”
To create the analysis, Cryptonite made use of the HHS/OCR database to access breach reports as required for major data breaches impacting 500 individuals.
Photo: Rawpixel Ltd, Getty Images