Strategic insight for health IT leaders

lolloj - Fotolia


Why healthcare ransomware attacks are a growing threat to health IT

There are several factors that leave hospitals vulnerable to ransomware attacks, including the use of legacy systems and the fear of financial penalties due to a data breach.

Unfortunately, the trend in cybercriminal activity will continue to worsen in 2017 as experts anticipate a rise in healthcare ransomware attacks. So why is healthcare singled out more than any other industry when it comes to these types of attacks?

In the last decade, healthcare has undergone a significant transformation. An increase in EHR adoption because of the Affordable Care Act has driven many hospitals to invest in infrastructure and systems to support the growing need for digital patient charts. Demands for connectivity and access to data from many different devices, as well as the popularity of mobile devices used by clinicians and staff, have also required IT to deploy security systems that manage and control the different endpoints with access to medical information.

However, the more data generated by hospitals, the more risks they face. Under HIPAA rules, healthcare organizations must protect patient-related data from unauthorized users. The risk of data breaches resulting in financial and legal penalties puts pressure on IT to ensure that they stay alert when it comes to outside threats.

Cyberattackers have been busy, as more organizations fall victim to healthcare ransomware attacks. Facilities like Jersey Spine Center, Marin Healthcare District and Kansas Heart Hospital have had their names in the news because of attacks on their data. Most of the attacks were the result of a ransomware infection that encrypted a significant amount of data and held it hostage. After the incidents were reported, the facilities were subjected to public and federal scrutiny. These incidents probably will not be the last of their kind. Here are five reasons healthcare continues to be a major target for malware and ransomware attacks.

Legacy systems are more vulnerable to attack. Attackers recognize that many software vendors whose applications are used within hospitals rely on other systems in order to operate. Whether they use a database engine or web servers from a third party, these back-end services typically don't receive frequent upgrades. EHR vendors can't retest or upgrade their applications every time a database, operating system or web server undergoes an upgrade. That means some of the underlying systems EHRs and other hospital applications require in order to run may be vulnerable if they're not receiving frequent upgrades and patches. Some systems may have known security holes that attackers can exploit to gain access to the internal systems.

Hospital fears of financial penalties and ultimate exposure motivate cybercriminals to attack. With the news of the University of Massachusetts Amherst agreeing to settle potential HIPAA violations for $650,000, hospitals are the financial burden and seriousness that leaked data poses. The fear of stiff penalties gives criminals a sense that if they hold a hospital's data hostage, the hospital is more likely to comply with ransom demands, making health data a lucrative target.

Smaller hospitals tend to implement less robust security tools, making them a good target for hackers.

Healthcare data has monetary value on the black market. Not all healthcare ransomware attacks involve holding data for ransom. Some hackers target medical records and patient information that contain Social Security numbers, addresses and dates of birth to sell them underground. Other criminals can purchase data in bulk to open credit card accounts and perform other identity fraud. There have also been cases in which thieves used a patient's insurance information to get healthcare services, resulting in insurance companies getting billed for services not received by the actual beneficiaries.

Health data is everywhere in a hospital. Most hospital devices used by authorized personnel have access to health data. Some physicians, for example, use their mobile devices to review patient data; others interact with the data using laptops or workstations. As a result, hackers can target a variety of devices and vulnerabilities. There are now concerns about cyberattackers targeting connected medical devices as well.

The sophistication level of security practices varies among hospitals. IT budgets can sometimes dictate the types of systems selected and deployed, and that may not include security tools and practices that offer the most comprehensive capabilities a hospital needs. That's not to say more costly systems offer better protections; however, smaller hospitals tend to implement less robust security tools, making them a good target for hackers.

As cybercriminals continue using sophisticated tools to attack hospitals, the number of healthcare ransomware attacks will likely increase. Fortunately, many IT executives are adapting and increasing security practices within their systems. Their willingness to fight back and protect patient data is always present. Wherever there are sophisticated attackers, there also are those with the technical know-how to develop systems that better protect against cyberattacks and keep hospitals in compliance.

Article 3 of 4

Next Steps

Why healthcare data is a prime target for ransomware attacks

Ransomware attacks reported at U.S., Canadian hospitals

Five tips for preventing hospital ransomware attacks from spreading

Dig Deeper on Electronic medical records security and data loss prevention

Get More Pulse

Access to all of our back issues View All