I hear it in the news every couple days or so, another major organization was hacked and one of two things likely happened; their network went down, or customer information was stolen. At this point we’ve all become so used to hearing about hacks, we think, no big deal, right? Well what if the organization hacked was your local healthcare provider; hospitals, doctors’ offices, and insurance companies. Now what?
Hacking the Healthcare Industry
The healthcare industry is particularly vulnerable to hacking because of the sensitive information that it stores. According to the 2018 Impact of Cyber Insecurity on Health Organizations survey, 62% of healthcare executives polled said they experienced a cyber attack in the past year. This is due to the fact that patient data, while being highly confidential, is also even more critical for these organizations to access in order to deliver life saving medical treatments.
The majority of hacks targeting the healthcare industry fall into the Ransomware category. It begins with the attacker compromising an individual computer, likely through a phishing attack. Once the attacker has access to your computer, they can launch the ransomware onto the network, encrypting and locking down files. Then a ransom is presented to the victims to pay in order to obtain the decryption key.
Hackers choose ransomware attacks to use on hospitals and other healthcare networks because these organizations need to restore their computer systems quickly to help their patients, making them more likely to pay the ransom than organizations in other industries.
What does this mean for a hospital?
When a hospital’s computer network is attacked by ransomware and essentially shut down, daily activities at a hospital grind to a halt. Email goes down, so different departments or campuses can’t communicate about patient tests and records; phone systems are affected so doctors can’t call up the ER to check on activity or see if there is a bed available in a different unit; patient medical records can’t be accessed via the EMR system; the list goes on and on.
While non-essential activities can be rescheduled for a different day, or shifted to a non-affected hospital, emergency surgeries will still proceed and patients already admitted need to be cared for, so it’s back to pen and paper during the system failures. And it can take upwards of 6 weeks for a hospital’s network to be back at normal operating conditions.
Securing the Network
As a result of these continued cyber attacks, hospitals and healthcare systems are starting to take action. Globally, healthcare spending on cyber security will exceed $65 billion cumulatively from 2017 to 2021. This spending will touch all areas of the network from simple computer updates to installing additional security and monitoring tools like Next-Gen Firewalls and Intrusion Detection Systems to hiring larger IT staffs to manage these new systems and applications.
Here at Garland Technology, we believe that network security must start with a foundation of visibility. If you don’t know what’s going on in your network, you can’t protect against it. That’s why we ensure complete network visibility with our development of the industry’s most reliable network test access point solutions.
[Want to learn more about securing your patient data? Download our whitepaper on Protecting the Data: 5 Tools to Fight Against Today’s Threats.]