The healthcare sector has been making headlines for more than its heroic effort during COVID-19; it also saw the largest increase in the number of cyberattacks from 2021 to 2022. Nationally, healthcare organizations were slammed with an average of 1,463 cyberattacks a week.
Healthcare ranked in the top three of most targeted sectors, along with education/research and the government. Not exactly a ranking that anybody wants, but one that’s crucial to pay attention to. And as we enter 2023, healthcare cybersecurity needs to be a top priority for every organization.
One of the biggest concerns with healthcare cybersecurity is privacy: who has access and to what data? With so many systems in place, it’s easy for hackers or malicious insiders to gain access to sensitive patient data. Medical records have become an increasingly valuable commodity due to their price on the black market—personal health information(PHI) can be used for identity theft and fraud.
Experian estimates that one stolen patient record can be sold for $1000—imagine the damage that could be done to a hospital’s entire patient database! The healthcare industry has the highest percentage of “internal bad threat actors,” meaning people inside the organization that cause a data breach. Employees in healthcare organizations have access to a lot of confidential information including PHI, making them particularly vulnerable to hacking or malicious intent.
Another concern is the reliance of healthcare organizations on technology, from medical devices like MRIs, CT scans, and X-rays to electronic health records (EHRs). Because these devices are critical to the lives of so many people, leadership often has to give in to the demands of hackers when under attack.
With the amount of medical technology connected to the Internet, the term “medjacking” has been coined. This refers to a malicious attack on medical equipment that can be used to disrupt, control or steal data from the devices.
After the past few years of staffing shortages, a global pandemic, and a major shift to online tools like Telehealth and virtual care, healthcare organizations are more vulnerable to cyberattacks than ever before.
The largest cyberattack last year hit Advocate Aurora Health, a system with 26 hospitals and over 75,000 employees. They installed a third-party data tracking tool on their website and patient portal, which led to 3 million patient records being compromised.
CommonSpirit Health, based in Chicago, was the victim of a ransomware attack in October 2022. The hackers accessed the records of 623,774 patients but CommonSpirit claims it was only “names, addresses, phone numbers, dates of birth and unique ID numbers used internally by the organization,” not insurance IDs. That information—while not as valuable as medical records—can still be used to commit fraud.
And while at least 15 healthcare systems were impacted by ransomware in 2022, small organizations were the major target. The American Medical Association states that 57% of medical practices have 10 or fewer employees and 10% of those are solo practitioners. Without the funds or staff to implement strong healthcare cybersecurity, these practices are extremely vulnerable.
The takeaway here? Cybersecurity awareness needs to be at the top of every healthcare organization’s priority list.
As a major target for cyberattacks, your healthcare organization needs to have a layered approach to cybersecurity, and you don’t have to do it alone. With a response time of under 1 minute and a ticket resolution time of under 30 minutes, Nexus IT is the perfect partner to keep your healthcare organization secure.
For 25 years, the healthcare sector has trusted us to keep their data and patients safe. With us on your side, you’ll have peace of mind knowing that your organization is protected from all angles: data security, medical devices, regulatory compliance, and more. Schedule a consultation with Nexus IT today to learn how our comprehensive cybersecurity solutions can help keep your healthcare organization safe from cyber threats.