Healthcare continues to be a popular target for ransomware, cryptomining, data theft, phishing, and insider threats.
Consumers are more worried now about their protected health information (PHI) being compromised, thanks to high-profile breaches like Anthem and Allscripts. The recent RSA Data Privacy Report surveyed 7,500 consumers in Europe and the US. It showed that 59 percent of the respondents were concerned about their medical data being compromised. Thirty-nine percent were worried that a hacker would tamper with their medical information.
[ Learn about the 5 capabilities that put medical devices at risk | Sign up for CSO newsletters. ]
They have good reason to be concerned. Healthcare as an industry continues to be a prime target for hackers, and there is a significant risk from internal threats, too.
Why healthcare is a target for hackers
Healthcare organizations tend to have a few attributes that make them attractive targets for attackers. A key reason is the number of different systems that are not patched regularly. “Some of them are embedded systems that, due to the way the manufacturer has created them, can’t be easily patched. If the healthcare IT department were to do so, it would cause significant problems with the way the vendor can support them,” says Perry Carpenter, chief evangelist and strategy officer at KnowBe4.
The critical nature of what healthcare organizations do puts them on the radar of attackers. Health data is a valuable commodity in the cybercriminal world, and that makes it a target for theft. Because of what’s at stake—the well-being of patients—healthcare organizations are more likely to pay ransomware demands.
What follows are the five biggest healthcare security threats for the year ahead.