Healthcare hacking and malware are big business for bad guys. Cyber criminals launch attacks against healthcare networks every single day. These attacks are generally carried out by “malicious outsiders” rather than rogue employees. The motivation is almost always money.
Hackers Are Drawn to Data
Why do hackers target the healthcare industry? Many speculate that one reason is the value of the data stored by hospitals, care providers, and other medical offices. When asked which types of information they believe hackers are most interested in, more than half of healthcare IT professionals surveyed pointed to the following three types:
- Patient medical records: 77%
- Patient billing information: 56%
- Login credentials: 54%
Patient medical records remain a profitable commodity on the dark web. Criminals can use the records to conduct medical fraud schemes – collecting payments from public services such as Medicaid and Medicare – and these schemes can go undiscovered for years.
Patient billing information – including credit card numbers – is also valuable to data thieves and can be used for fraudulent transactions.
However, the lifespan of such schemes is often far shorter than that of medical-related ones. The payment card industry is far more efficient at detecting and blocking fraudulent transactions than government regulators in the medical field are. This may partly explain why more healthcare IT professionals say hackers are targeting medical records.
Login credentials, of course, are often targeted to gain access to additional systems storing valuable data. Other types of data – such as clinical research, email content, and employee information – can also be targeted, though fewer respondents cited them than the three data types mentioned above.
According to the Verizon 2018 Protected Health Information Data Breach Report, the use of stolen credentials was found in nearly half (49%) of all healthcare security incidents attributed to “hacking.”
What can you do about it?
You need an IT support partner who thoroughly understands both HIPAA compliance and network security, because the two have to work in tandem to keep your medical practice secure and clear of HIPAA violations. To learn more, call 678-389-6200 or see HIPAA Compliance and Network Security for Medical Practices.