“When a hacker attacks a financial institution and gets your credit card, that information is valuable to them for a certain amount of time” says Erik Krucker, CTO at Comport Consulting. “If they have your personal information such as your healthcare information, where you were born, your social security number, those things are much more valuable because you can’t call someone and turn those things off.”
Hospitals are staffed by people with extensive training in medicine, and logistics and business experts ensure that hospitals are run in an efficient manner. However, few hospitals provide the extensive training needed to prevent security breaches, and few adequately teach employees how to detect and avoid phishing attacks. This problem is compounded by the fact that US healthcare firms are bound by HIPAA compliance, which ensures patient health information remains private. This means these organizations face huge fines in instances of a breach.
Cheaper to pay?
Modern hospitals rely on computer systems to function, and even small periods of downtime can lead to logistical and health problems. Delays cause a cascading effect that slows down care for everyone, which can lead to patients not receiving the care they need. Furthermore, ransomware attackers often ask for a relatively low amount of money compared to what hospitals stand to lose in fines and reputation. For hospital administrators, it often makes sense to simply pay up, however there is no guarantee you will get your data back – after all, these are criminals.
“In the case of ransomware, these are really more socially engineered emails which they are tricked into opening” continues Krucker. “Security is always a multi-layered approach.”
Recent ransomware attacks highlight how critical healthcare IT infrastructure is and how dangerous threats can be. This makes the need for hospitals to ensure their data is backed up and secure even greater.
TechNative spoke in depth to Erik about what a good healthcare IT security strategy looks like. Listen below:
Why are Hospitals Prime Targets for Ransomware?
Listen to the Podcast