by Greg Hoffman
Article filed in
Healthcare Needs to Adjust to New Types of Cyber Attacks
by Greg Hoffman
The increase in awareness of healthcare security has driven hackers to get creative developing various methods of cyber attacks. This is ultimately forcing healthcare entities to once again revise and reinforce their security measures.
In the past the main focus of healthcare security has been on breaches caused by unencrypted, lost or stolen devices. Today more and more breaches occur from hackers with more cyber attacks hitting the healthcare industry than any other industry.
These attacks range from ransomware all the way to the smartphones of patients and healthcare workers.
Why do hackers target healthcare?
The reason hackers target healthcare is due to the high value of PHI on the black market. A credit card is usually sold for few dollars where as 10 Medicare ID numbers are sold for roughly 20 bitcoins or $4,500.
Healthcare information has such a high price because unlike a credit card it cannot be easily changed. PHI can be used to falsify insurance claims that may lead payouts of large sums of money.
As cyber attacks become more prevalent, a variety of different types of attacks are developing. Some of these attacks include Nation State, Ransomware and Smart Phone attacks.
What is a Nation State cyber attack?
As HIPAA fines grow we’re seeing an increase of attacks coming from black hat hackers based overseas in China and Russia. These attacks are referred to as Nation State cyber attacks and are likely done in the interest of money and sabotage. Hackers’ goals are to obtain both PHI and information that can be used to blackmail and extort medical device companies.
Here are few things you can do in order to prevent a Nation State attack:
- Pinpoint both internal and external security threats to your entity’s sensitive data.
- Put in a plan to secure it.
- Implement training for your employees about your covered entity’s sensitive data protection plan
- Protect both your physical and electronic sensitive data
- Use the most recent software security tools.
- Post warnings and educational information in your office to reinforce security training protocols
- Black list unfamiliar/suspicious email and IP addresses
What is Ransomware?
Ransomware attacks can result in immense and costly payouts, not only for breaching HIPAA but also by compelling healthcare individuals to give into the hackers ransom demands in order to restore their locked or stolen healthcare information.
Encrypting ransomware involves complex encryption formulas. They are built to obstruct access to an individual or organizations systems files. The hackers usually have a time frame for when their demanded payment is due. If not paid in time they threaten to indefinitely withhold the decryption key needed in order to access the files/ information that they have locked.
In order to prevent a ransomware attack it is recommended that you:
- Choose a email provider that does not expect unsecure connections
- Disable the use of Macros if your hosting provider has not already done so
- Keep up to date operating systems and anti virus software
- Be careful when opening email attachments
- Create rules on conduct for quarantining sketchy or unsolicited emails
- Do not follow unasked for web links in emails.
- Teach new employees about company cyber security protocols
- If you are hacked, never agree to paying the ransom
For more detail, check out our previous post on Ransomware.
What is a smartphone attack?
Smartphone attacks are becoming more common and we predict that as smartphones continue to develop they will become a more popular target for hackers.
Today we already use our smartphones for practically everything and store vital information on them. We are now starting to see healthcare individuals and covered entities communicating with their electronic healthcare systems, devices and applications through their mobile devices.
To protect your smart phone, follow these steps:
- Setup your mobile device to be more secure by requiring a password
- Do not connect to unfamiliar Wifi networks or Bluetooth connections
- Use caution when opening links
- Research applications before installing them
- Avoid opening messages and attachments sent from unfamiliar phone numbers and emails
- Be choosy about where you list your phone number
- Cautiously determine what you want to keep on your mobile device
Don’t wait to protect yourself
With the healthcare industry needing to protect itself against hackers, while maintaining compliance with regulations, it’s important to put together a good security plan right away.
Along with technical security that companies like Paubox can provide, it’s also important to review processes and staff training to make sure there are no holes in your IT security strategy.