Increasingly, healthcare organizations are the target of cyber-criminals looking to profit from the treasure trove of personal data these companies possess, according to a new report from Carbon Black.
The Healthcare Cyber Heist in 2019 report surveyed industry CISOs to understand the ways that threats to the industry have evolved. A vast majority (83%) of healthcare organizations reported an increase in cyber-attacks over the past year. “Invariably, when we talk to these CISOs, almost all of them are saying that the number of relevant and actionable security alerts they are receiving continues to climb year over year,” the report stated.
In addition, 66% admitted they were the target of a ransomware attack in the past year. “In targeting healthcare organizations, ransomware attackers are taking advantage of the 'do no harm' principle. Meaning, when forced to decide between paying a ransom or being unable to access critical patient files, the healthcare provider has no choice – they have to pay, lest a patient potentially incur great harm or loss of life,” the report said.
While 66% of healthcare organizations reported that cyber-attacks have grown more sophisticated over the past year, 84% also said that they have provided cybersecurity best-practices training to their employees.
“The potential, real-world effect cyber-attacks can have on healthcare organizations and patients is substantial,” said Rick McElroy, Carbon Black’s head of security strategy, in a press release. “Cyber attackers have the ability to access, steal and sell patient information on the dark web. Beyond that, they have the ability to shut down a hospital’s access to critical systems and patient records, making effective patient care virtually impossible.”
Although their organizations are the target of cyber-attacks, CISOs reported that their top security concerns are actually related to compliance (33%), budget and resource restrictions (22%), loss of patient data (16%), vulnerable devices (16%) and inability to access patient data (13%).
For nearly half (45%) of participating healthcare organizations, attacks were targeted and intended to cause extensive destruction of data, the report said. “These attackers aren’t just committing simple burglary or even home invasion – they’re arsonists. These attacks are often carried out by punitive and malicious nation-states, including Russia, China and North Korea,” the report said.