How Healthcare Gets Hacked

Avoid the Havoc of Health Care Hacks

According to a 2017 Accenture survey, 88 percent of consumers believe their health care provider is as trustworthy with their confidential data as they are with their health care concerns. However, the healthcare industry as a whole continues to struggle to maintain an impenetrable barrier between its patient data and the thousands of global cyberthieves looking to steal it. Today’s data security professionals have the advice and the tools that health care professionals need to keep their patient and enterprise data safe.

Trust Does Not Equal Security

The Accenture survey revealed that nearly as many people who trust their doctor also trust their pharmacists (85 percent), their hospitals (84 percent) and their diagnostic labs (82 percent). Recent data breaches, however, indicate that perhaps that trust is misplaced. In 2015, there were 268 health care data breaches, affecting millions of Americans across the country. In 2016, that number rose by 320 percent to 328 health care data breaches, and the total number of breaches continues to trend upward.

Impact on the Industry

Insufficient data security impacts medical industry participants in two ways:

  1. Government overseers assess hefty fines and penalties against them. Between January and June 2017, nine health care institutions were fined over $17 million for failing to maintain appropriate data security standards and practices.
  2. They lose patients. The Accenture survey indicated that 25 percent of patients who experience a data breach changed their providers, and 19 percent sought legal counsel.

Both impacts have the potential to crater the health care enterprise, especially if it’s a smaller entity with fewer resources to sustain itself after a breach occurs.

Where Health Care Hacks Happen

For consumers, breaches occurred both where they were most vulnerable and where they were least expected: 36 percent happened in hospitals, 22 percent occurred in each of the urgent care sector and the pharmacy, and 21 percent occurred in each of the doctor’s office and insurer’s office.

EMRs and social security cards were the hacker’s most prominent targets, with 31 percent of thefts successfully gaining that data. Not surprisingly, 34 percent of consumers declared the breach had eroded their trust in the health care provider.

Why Health Care Hacks Happen

Research suggests that hacks continue to happen in the health care sector for two primary reasons:

  • Health care entities underspend on digital security measures.
  • They are equally limited in investments in preventative measures.

In 2015, 80 percent of health care executives reported they had experienced a breach event within the previous 12 months, and more than half (53 percent) said they had not prepared for an attack, should one occur. Their reluctance to make these investments is even more quizzical in light of the FBI’s assertion that EHRs are more valuable than financial records on the black market, selling for up to $50 each, compared to just $1 for a stolen social security number.

Ending Health Care Hacking Havoc

Technology explicitly developed to protect America’s health care data offers every health care provider the tools necessary to both secure existing data and prevent future hacking attacks. Industry experts suggest that each health care setting evaluate its situation to identify risks to and seek solutions for these common health care hack opportunities:

  • Assure comprehensive backup and disaster recovery: Business must often continue despite the hack, so having a backup system that reduces downtime can maintain revenues while the investigation and cleanup move forward.
  • Require comprehensive staff training: Employees are often the front-line defenders against hackers. It is critical that they know and understand the risks so they can respond to them appropriately.
  • Ensure endpoint security: While mobile devices are obvious, hacks can come through any end user device that has a connection to the network. Securing every endpoint slams the door in the hacker’s face.

If you would like to see how SentinelOne can help protect your healthcare organization from cyberattacks you can request a private demonstration for your healthcare organization HERE.