Hospitals and other healthcare facilities are essential components of modern civilization. Without a safe and secure space for medical treatment, patients will suffer, and the overall health and wellness of a community will drastically decline. Thus, it is in everyone’s best interest to contribute to the proper functioning of hospitals and other care centers, right?
Unfortunately, there are a number of bad actors walking the Earth who care more about personal profit than about common good. These actors fervently launch all manner of digital attacks against hospitals and other healthcare institutions, and increasingly often, they are successful in disabling organizational systems, preventing providers from offering essential services to patients in need.
Why do cybercriminals so often target hospitals in cyberattacks, and can the healthcare industry do anything to protect itself?
Healthcare Organizations Have Valuable Data
Cyber criminals operate for a wide variety of reasons, from patriotism for their nation to a personal desire to bring down large and powerful organizations, but the vast majority of black-hat hackers launch cyberattacks for one simple reason: to make money. Crime pays, and cybercrime in particular offers dozens of opportunities for effective attackers to take money from hapless victims, especially when they employ ransomware.
Ransomware locks down a victim’s device or network, hiding data and preventing use until the victim provides the attacker with a ransom. However, the average home user does not have much indispensable data on their personal devices, so they are disinclined to spend much money to recover their systems from attackers; what’s more, home users are unlikely to have more than a few thousand bucks in the bank, anyway. As a result, most cyber attackers have pivoted to focus their attacks on businesses which, in addition to maintaining essential data required for operations, will have tens or hundreds of thousands of dollars in their business accounts. Major healthcare facilities, like hospitals, could have financial accounts in the millions of dollars, which means attackers can impose exceedingly high ransoms
Ransoms are not the only way attackers can financially profit from cybercrime. Some stolen data includes sensitive information, like login credentials and financial account numbers, which can be utilized for further financial gain. Other data stolen by criminals during a ransomware attack can be sold to other online cyber criminals, who might use it to steal identities, blackmail individuals or perform other nefarious deeds. Thus, it is increasingly important to cyber criminals that they target organizations with large stores of valuable data —like hospitals. Patient data is among the most sensitive, with intimate details about health, financial status and more, and many hospitals have decades-worth of patient records for attackers to profit from.
Hospital Security Can Improve
Another reason that hospitals pose such an attractive target to cyber criminals is that many healthcare organizations are not well protected against attack. Many hospitals run outdated operating systems and software across their networks, which are exceedingly vulnerable to even the feeblest digital attack. What’s more, many healthcare administrators do not prioritize integrating cybersecurity policies and tools, which means that staff and patients are utterly undefended from cyberattacks.
Unfortunately, rampant cyberattacks across the healthcare industry are having an effect on the ability of healthcare facilities to care for patients. When providers are locked out of hospital systems due to an ongoing attack, they cannot assess patients effectively or deliver optimal treatment. One study found that cyberattacks result in increased complications and poor patient outcomes in roughly half of all cases. Furthermore, successful attacks are incredibly expensive, costing organizations millions of dollars to weather and recover from. Thus, preventing all cyberattacks should be a top priority for healthcare administrators.
Fortunately, more hospitals are beginning to recognize the importance of cybersecurity and adjusting their operations to account for the increased threat of attack. More healthcare organizations are opening positions within healthcare information management, which involves organizing and securing sensitive data. By diverting more funds to updating and maintaining their digital networks and systems, hospitals can reduce the number of cyber criminals who see success.
Patients and providers deserve a safe place dedicated to increasing health and wellness. Hopefully, by increasing the resources defending hospitals and healthcare facilities, we can disincentivize attacks on these essential spaces.