In recent years we have been seeing a surge of cyberattacks in all industries, but one specifically is really feeling the heat. Due to the sensitive nature of its work, the healthcare industry is particularly susceptible to cyberattacks like ransomware. Ransomware is a form of malicious software that locks users out of their data and threatens to destroy the data if a ransom is not paid. Cybercriminals can not only make a profit by forcing a provider to pay for important files to be decrypted, but also stand to gain a political or socioeconomic upper hand by tarnishing the reputation of certain health organizations.
Last year, the healthcare industry saw an immense rise in ransomware attacks. This trend is expected to increase in 2017. Just this month, a computer virus shut down the computer system at Erie County Medical Center (ECMC) in Buffalo, N.Y. According to a local news report on April 16th, the medical center switched to its backup system to avoid paying the hacker’s ransom.
HIPAA enforcement increased dramatically in 2016. The Office for Civil Rights (OCR) collected $23 million in fines, compared to the $7.4 million in 2014. This record-breaking year also saw the single largest HIPAA fine, $5.5 million, issued to Advocate Health Care System. Shortly after, the Memorial Healthcare System was fined $5.5 million.
The FBI’s recent Private Industry Notification warns medical and dental facilities of cybercriminals targeting file transfer protocol (FTP) servers operating in anonymous mode within their organizations. Healthcare providers are particularly susceptible to this type of attack, as hackers can steal protected health information (PHI) or personally identifiable information (PII) to intimidate, extort money, or ruin the reputation of business owners.
Many companies are taking advantage of Bring Your Own Device (BYOD) solutions. The benefits are twofold: increased staff productivity and reduced expenses, since there is no need to provide your employees with company-owned devices.
In the year 2017, the Department of Health and Human Services conducted over 5,000 HIPAA audits, which resulted in earnings of 56 billion dollars. It is thought that the HHS will only increase the number of audits under the current administration. Is your organization prepared for an inevitable HIPAA audit? The majority of organizations are not ready for this extensive audit, which can cost millions of dollars in fines.
Last year, data breaches rose a staggering 40%, with 37 million records exposed, affecting every market sector including the government, financial services, education, health, and businesses the world over. Arguably the biggest cybersecurity threat in 2017 is ransomware. There were a massive 638 million ransomware attacks in 2016, representing an increase of 167x over the previous year and showing no signs of slowing in 2017. It is clear to any tech leader that precautions are necessary.