A pandemic side effect? More cyberthreats in health care. Here are 4 reasons whyMarch 16, 2021 | By Dorothy Pomerantz
In the middle of a pandemic, the last thing any hospital wants to do is make life even more complicated for its staff and patients. But that’s exactly what happened in France last month, when two separate hospitals were hit with ransomware attacks, forcing them to shut off internet service. One was forced to postpone patient surgeries and redirect emergency room care and the other resorted to paper charts, record-keeping and appointment logs.
These sorts of attacks have been a growing problem for the health care industry and are increasing in frequency during the pandemic. In 2020, health care data breaches were up 25% in the U.S. over the previous year. Here’s why:
- Medical data is everywhere. Over the past decade, the industry has digitized, meaning there is now electronic data on just about every aspect of health — from an individual’s blood pressure to global vaccine research — and on many kinds of connected devices. Data moves from medical offices to pharmacies to the patient and insurance companies. While this easy flow of communication is a boon for patients and doctors, it creates potential weak spots that hackers can exploit.
“There are plenty of security gaps,” says Beth Griffin, who leads health care cyber and intelligence efforts for Mastercard. “There can be gaps in how the data is being stored. There are vulnerabilities in people accessing data from mobile phones. There can be gaps in relationships with third-party vendors.”
- Ransomware attacks can be lucrative. Ransomware attacks, in which cybercriminals hold an entire hospital system’s IT hostage, can bring care to a screeching halt. Delays in sending and receiving information can mean the difference between life and death. With people’s health at stake, organizations are motivated to pay up quickly.
- Health care scams are constantly evolving, feeding the need for more data. Breached medical records, including stolen credentials and medical files, are increasingly available on the dark web. That’s where medical records can be 50 times more valuable than payment card information. Criminals can use it to set up fake medical businesses or file false claims with insurance companies. Stolen troves of data can include personally identifiable information for patients and their relationships with their health care providers, which could be harnessed for phishing or ransomware scams.
- Overburdened health care organizations are underprepared for cyberattacks. The financial world has adjusted to dealing with fraud — stopping a potentially bogus charge as quickly as it’s made. But the health care industry is still adjusting to new levels of digitization. Hospital systems are also trying to operate during COVID-19 with overworked staff and many administrators working from home. They might be easy prey for a phishing attack, for example – when someone opens an authentic-seeming email and unknowingly downloads malware that can infect an entire company. “The pandemic is stretching personnel who are paying less attention to details,” Griffin says.