Cybersecurity experts say cybercriminals are increasingly targeting the healthcare industry to steal sensitive medical information and sell it on the black market.
A recent survey from cybersecurity company Carbon Black stated the rate of cyber-attacks on healthcare industry appear to be increasing exponentially. In its survey report Healthcare Cyber Heists in 2019, Carbon Black has disclosed what is happening to the Personal Health Information (PHI) that was stolen by cybercriminals.
The survey, which involved 20 of the healthcare industry’s Chief Information Security Officers (CISOs), found the healthcare sector being targeted because of how lucrative PHI is when compared to other personal data like credit card numbers. It’s said that personal health information is worth three times more than other personal information since the health information never changes and can be used by cybercriminal groups for extortion or compromise.
The survey revealed that around 83% of surveyed healthcare organizations stated they’ve seen an increase in cyber-attacks over the past year and over 66% surveyed said that cyber-attacks have become more sophisticated over the past year.
A recent report revealed that health care organizations suffered the highest number of data breaches in 2018 across any sector of the U.S. economy. According to Beazley Breach Response, a breach response management and information security insurance solutions provider, the healthcare entities have reported the highest number of data breaches, at 41 percent.
The report, dubbed as Beazley Breach Insights Report, stated that direct hacking, the presence of malware, or due to human error were the causes of data breaches in healthcare organizations. The report also revealed the percentage of breaches in other sectors of the economy. The education sector accounted for 10 percent of security issues, financial institutions reported 20 percent of incidents, and professional services represent 13 percent of cases.
The cybercriminals are attempting to extort cryptocurrency from companies or individuals claiming to have embarrassing evidence of people using adult websites at work, which are related to extortion, the report added.
Also, a survey revealed that employees at U.S. health care institutions may be susceptible to phishing emails. The survey report, Assessment of Employee Susceptibility to Phishing Attacks at US Health Care Institutions, authored by Dr. William Gordon of Brigham and Women’s Hospital and Harvard Medical School in Boston stated that many healthcare organizations remain vulnerable to phishing attacks.
William specified that when the researchers sent simulated phishing emails, nearly one in seven of the emails were clicked by employees of healthcare organizations. The survey also stated the importance of employee awareness of the risks associated with phishing emails. “Cybersecurity is a really important issue for hospitals and healthcare organizations and it’s only getting more important. One of the biggest risks for them is their own employees and it’s manifested through a phishing attack,” said Gordon.